#general

👋

Well hey Tim Taylor the Tool Man

hihi

👋

Just pondering the MITRE news. So if we have no more CVEs I guess that means we can all pack it up, no more vulnerabilities

Yep

I joke but yeah, not great.

We solved vulnerabilities!

I'm wondering if the NCSC will pick up the slack

I think not with how things are going unfortunately 🙃

Eek

Not too familiar with the NCSC but a boys gotta be hopeful

Anyways yeah I deliberately overstated the potential impact, we shall see but yeah backlogs galore either way

CVEs weren't being enriched for a while a year back iirc

They’re trying to say it will mostly impact the CWE program but yeah idk about that…

An impact either way is gonna be rough

Indeed, just weird to think about when yep I had to refer to specific CVEs multiple times at work today lol. I mean kind of to be expected in infosec but whew

but yeah we shall see

Yeah I don't think there's a day where I'm not referencing a CVE

No more CVE 😳

But now just gotta hope there's no CVEs past April 2025 ever again

(Except for the chrome critical today)

Ugh

Should I sleep for 2 hours and go to school

Good luck

Either way this will be a wake up sign to the industry that yeah maybe we should try for something a bit more distributed if that’s even viable

Brb gotta add "Matured the Security Program to ensure no new CVEs were introduced into the environment since April 16th, 2025." To my CV

I 100% agree.

Even the reliance on VirusTotal annoys me sometimes

Distributed/Nonprofit thing maybe? Idk policy all that well

How do you mean? I to someone trained in infosec it’s a tool like any other and has to be taken with a grain of salt and a bigger picture

lol to be fair MITRE is technically a non-profit already, just one that happens to be almost exclusively a defense contractor

I worked with a senior analyst who would run a hash through VT. And that would be the only analysis they do

Tbf they didn't last long

Ouch, I just know I go well beyond that in my investigation and sure lol. I’ve not run into any personally but there’s for sure tons of malicious samples that don’t have detections yet

Not much behaviour analysis if you're just giving it a hash

yeah lol, it’s nice when they have that but lol something had to provide that first

Mmhm

Any run is nice, but a sandbox and knowledge of how to use wireshark will get ya places

I will say it is quite nice our EDR product does have an easy link to the VirusTotal hash result for any detection but yeah just one more tool to make your determinations

mhmm

I think I know which one you're talking about. It's definitely a nice thing to check quickly, but over reliance on it seems bad

What were we even talking about

Oh CVE

🫡 RIP king

Sorry to ask here. Looking for getting back on the cyber side. Anyone got study mats I can take for a job interview? red teamed for 3 years and now going for a security engineer position. Or does it exist somewhere on here already

We shall see, if they really pause entirely tomorrow it will be no good and a big wakeup call

D&D?

Yep!

Druidic dice tower

Made out of wood filament, rosewood to be exact

Nice nice

I mean not so much but there are relevant security engineering rooms on THM? Ehh close enough

Fitting for your druid

You haven't seen my dice!

Go on then

Give us a peek

https://fennekandfinch.com/products/white-flowers-and-moss-dnd-dice-set
https://fennekandfinch.com/products/thicket-dice-set-7-piece-green-forest-themed-dice-set-with-branches-and-copper-foil
https://fennekandfinch.com/products/falling-leaves-dice-set-7-piece-autumn-trees-themed-dice-set?variant=39411984531552

Very nice

All my dice have been lost to the void, so I might pick some of those up!

Hell yah! Fenneck and finch look very reputable too. They make dice for a couple of specific classes, or you can get metal, wood, etc etc style dice

I had a spiked metal set before. They look cool but they roll so badly

Also, one wrong move, lands on your foot

https://tenor.com/view/realkimroro-police-gif-23236998

Yeah the D4 was basically a caltrop

yo guys got my second certificate

gz!!!

Bravo

Ansible gib green text
Green text gib dopamine
Dopamine gib gud feels

...

Green text says Hallo Wurld

https://tenor.com/view/we-do-a-little-hacking-hacker-meoware-hacker-cat-cat-gif-1513020089831183224

ohhhh nnnoooo, not the mouse as a mouse! lmao

2 and a half more hours on my print

meoware xD

Sup everyone!

Happy to be back.

https://tenor.com/view/hasbulla-im-back-chat-im-back-chat-gif-10891601084898830857

I was out for a bit, had some life changing stuff happen. Im hoping to get back into THM now that I have more time.

Last thing I did was fix some vulns in EasyMap and then dip lol.

I feel myself lost in cybersecurity

Why is that?

Everything has developed

Azure defending

Aws attacking

I stopped learning I have crouse

Oh yeah, the kind of thing I haven't had a chance to explore still lol.

Im really wanting to get into the Azure defending, that seems fun.

AWS attacking has been around for a bit, but I will don't know much about it.

Technique-wise

I dont know what aws attack and azure defending

Im more of dev than a hacker tbh. Which gives me a little advantage in code reading situations, but not much otherwise. I've learned everything I know for modern techniques from THM. Before that I was reading a whole bunch of books.

I dont know any code just python

Python is a pretty nice language and easy to learn.

I use Go because I can make everything modular. Easier than C++ and C# which is what I coded in before.

I dont want give up

Keep trying, eventually after seeing things enough, they start making sense. It's a process.

Dang... Mitre. 😓

I will study aws attack and defend azure after the red team path

I liked the red team path. it was super helpful.

Welcome back

Thank You @cloud quiver

Gave +1 Rep to @cloud quiver (current: #1 - 4545)

intereting

Should I give up Cybersecurity and be a truck driver? Lol

(Might tbh if cyber doesn't work out.)

Ah dude, thats dope!

Kgb

Don't give up cyber though, its about the same in pay tbh.

It'll be a backup plan :)

Web fundementals
And webpentesting before red teaming and offensive security or after the offensive security and redteaming

@oblique loom Good thinking

About me?

Me xP

@leaden marsh Web pentesting shows you a lot of the fundamentals.

Okay I after jr pentesting and pentest+ then go to offensive security and redteaming and then web fundetmentals and web pentesting

@leaden marsh I did, web pentesting, linux fundamentals, web protocols, nmap, and metasploit before even attempting read teaming.

Cve getting cut?

I have cybersecurity 101 first

@leaden marsh That works.

Cve getting cut how?

What do you think is before it?

Or after it?

@leaden marsh Do it before red teaming, cause when you get into read teaming, you kind already have to know how to do basic pen-testing.

def do jr before red..

Before redteaming and offensive security

Yep.

you can do offensive before red.. but get jr out of the way first.

It's only going to give you more knowledge.

I have pre, 101, red teaming and off all done.. plus a few more.

I'm working on Azure right now but have been lazy.. lol

*Defending Azure

I took a little break, now Im finally getting back into it. But definitely lost my streak lol.

Liiiizzz! Moo!

I see you typing. 🙂

Nice EZ, I picked it up too for that deal. Was distracted with watching show after work and news today though so I’ll get back to it tomorrow

Looks like a NY pizza.™️

Them's fighting words...

#room-help lateralmovementandpivoting Web mask cannot be removed

https://tenor.com/view/crazy-cat-mushroom-dance-gif-11846709049893854538

https://tenor.com/view/good-morning-cow-gif-24965573

Have a more built up NY Pizza

Chicaco style??

💯

no.. I didn't misspell that.. 🤣

With bronze cheese.

only the best for Berry

Speaking of food.. I'm smoking some meat right now to make chili with.. It'll be done about 3:00 AM Matt time.. 🤣

Very nice!

I got my ears lowered the other day too...

hardcore lowered..

what does that even mean lol

If Eddy van Halen was a cow.

i just saw the john hammond vid

Yeah I’ve discussed it above

Or just saw the thumbnail actually

ohh i see it

Yeah.. The CVE getting cut thing.. that's totally gonna help the US riiiiight?? 😭

some certificate naming vendors have reserved like 1000 CVEs to assign in case of something like this ahead of time, but that presumes MITRE’s infra isn’t just “paused”. Will be a disruption either way

Okay.. we should probably not talk too much about this here.. but maaan.. wtf...

Yeah honestly more so because it’s depressing and I don’t want to think about it any longer today lol

But may be a wakeup call the industry needs unfortunately

I'm not sure exactly what you mean.. but at the same time.. statement works for both sides.

https://cdn.discordapp.com/attachments/1284180023607038114/1284958846950838385/03420234342.gif

my second bit? As in we need something more distributed and fault tolerant if that is possible

https://tenor.com/view/dog-bubble-speech-bubble-gif-25905495

Funny dog

Anyways may be time for some Truck Simulator… to which they’re actually adding a gameplay mode for just driving cars which should be interesting lol.

been mods for that for years but nothing official. Branding it as “Road Trip” for America Truck and will have actual unique gameplay tasks for it

lol I told my SO that and he was like “I don’t get it, that defeats the whole purpose”. But nah he doesn’t know the joy of just driving around Europe and America exploring while you complete these tasks all chill like

#room-help Lateral Movement and Pivoting Why can't I cancel the prompt?

Utah?

Yup, Cedar City to be specific

lol someone wrapping the chat back up together here

but yee I have an obscene amount of hours in these games lol

OSINT

I'm truckin to St. Louis

Nice nice c:

lol maybe in two years we’ll finally get to my state

Quite a ride

St.Louis is a beautiful place.

indeed, and that’s half the joy of these games. The virtual tourism

They only have the Missouri part of St. Louis tho

Basically downtown area

The arch

Still cool

Can't wait for Illinois dlc to finish. That and Iowa also Louisiana is what they're working on rn

At least there's Texas and Nevada :D

That's all I need lol

Hi

Hello 👋

Nice

Been working on a little pen-testing / secure shell project. Pretty cool stuff. Got some of the pentest features coded today.

Spoilers it has built-in port, http web, and host scanners. As well as what could be considered a payload Generator... maybe... 😅

Alright, good night ya'll

Hi Everyone I Finally FInished my Cyber Security 101!!! Keep at it gang!

Congrats , great job 🙂 🚀

hey guys, i have an annoying assignment that's CTF-like. i'm stuck on one part, anybody that can possibly assist me?

If it's an active CTF or for school/work we cannot help per the rules.

from what I understand anyway.

aww men aight, it's graded anyway lmao just wanted to see the ending since our prof won't tell us

thanks!

Good Luck on it though!

appreciate it!

My beans just finished.. I'm smoking my beef... then gonna make chili.. yes.. with beans.. hate me but I like beans. 😛

Is there any other way to make chile?

Ask a Texan.. 🤣

I mean, I'll make chile without beans, and then put it on a fritoboat with beans anyway, so I might as well just put beans in it in the first place lmao

Technically... original chili is just stewed meat with chili peppers.. that's it.

From what I understand of the history of chili..

Well and you would be right, but we also don't make icecream from custard anymore either

so...

ice cream is made with cream.. wth.. LOL

smh lmfao

well.. dairy...

but how do you make custard

Eggs..

wait.. is that dairy??

yes... and....

Sugar!!

lmfao

Traditionally, ice cream is made with a custard base

oh man.. I failed.. I have no chocolate for my chili.. whatever...

and the amount of custard used as the base determines the type of icecream, from gelato, to soft serve

the type of ice cream in terms of mouthfeel, bite, sweetness, etc.

take for example, a gelato is usually about 40-45% custard, while the ice cream most of us are used to is around 25-30%

I always thought gelato didn't have dairy for some reason..

I'm not a fan of desserts anyway.. but I have to research it.

lol no worries

Most modern icecreams are thickened with starches or gums, from cornstarch to agar-agar, which is far removed from tradition

I mean.. I was a pastry chef for a while in my earlier life... but I always preferred the savory ones.. like steak and kidney pies.. etc.

more of a baker I guess...

lol don't worry, I'm not knockin' ya

My preferred YT feeds are about food.. I love food. LOL

irish pasties are my heckin' favorite man

If I didn't know.. hey.. cool.. now I know.

Jamaican patties... omfg

we used to have a food truck that drove around out here in the summer and served pasties, worth every penny

beef with cheese prolly one of my all time favs

dude those sound gooooooooood

I'm gonna make some sometime soon I think.. but I gotta find the right ingredients.. West coast USA is hard to find good ingredients for that stuff. 🤣

Oregon or washington?

LA?

WA

oof, yeah

Seattle area..

so.. diverse at least..

Guys, did you know about Zabbix?

Yeah, you can usually get some of your less common ingredients from whole foods if you're desperate

My best friend is Jamaican.. and he can't handle ANY heat. LMFAO

And have an open wallet...

What about?

true, but I mean you wanna go only for unique ingredients though, like spices, do your normal shopping elsewhere lol

its a tolls to monitor, sorry for bad english

I'm not buying no $24/lb salmon at whole foods lmao

give me a frozen salmon patty for $3.49/lb and we're gooood

That's about 10 more than a fishing license out here... to catch salmon.. 🤣

You can catch and eat.. it's fine.. but I prefer to smoke.

Hunter fisher...

I've been really digging mesquite lately

been putting it on everything

don't have a smoker, so I gotta do it the lazy way lol

who heard about the cve stuff will it shut down ? 🤔

Yeah saw that

I'm trying to get a download of the cve list right now, but it keeps failing. I'm at 20kbps on a 450m download

North Korea already bought them out w the bitfinex money

oof

explains the download speed, good timing

Jk but I’m kinda skeptical about it just expiring

What you mean about cve website?

oh no.

Mitre

MITRE is not expiring, just the contract for them to update cve/cwe. I expect data to remain in place for a while, just no new content

https://www.youtube.com/watch?v=itbsfeqrRY4 john hammond vidieo on it

How long was the contract valid?

Would assume until tomorrow

MITRE has been doing that work for years if you're asking when they started

Oh wait, so they have till tomorrow to revalidate the contract

I got confused because of timezones and thought it was till today lol

im slowly working through a song and at this rate it might be out by edgerunners s2 😭

how would this affect cyber security just wondering

I don't think that much

If mitre doesn't document CVEs, another company will

Hello

Hello excuse me where is my CVE

What did yall do to it

Ye this should ideally be an easy fix, since the problem seems funding mostly

The weird thing is, someone else may start the cve program now

chili is brewing...

I'm curious how it's gonna turn out because of kidney beans.. but it should still be good.

What is this CVE thing, can someone explain in brief?

I'm not willing to go through many videos

Yes. Check the JH video of it.

John Hammond

Alright

https://youtu.be/itbsfeqrRY4?si=niTBgsU5y36ESFI9

Hello, good...evening(?) everyone.

moo

Wait, isn't this english only?

It's night for me rn.

Good night!

moo is English for cow sounds. 🤣

https://tenor.com/view/oscar-actually-the-office-blank-stare-gif-14405570

I use Arch btw...

big deal.

Do you know how to spot a Linux user??

Just be one, and do it casually.

they mention arch

Don't worry.... they'll tell you.

I'd say a good 50/50 mix of us Linux/Windows here..

They'll make it their personality

And lol I don’t know why I checked in. Just feeling the extential dread and yeah I gotta report on this tomorrow. Reportedly more info will be coming from MITRE at 10 CEST/4am EST

I use windows as my daily driver for casual stuff and Linux for cybersec related purposes

my brain in the morning:

ping 1.1.1.1

Network Unreachable

I am full opposite.. I use Linux as my daily and mostly Windows for "work stuffs"....

😂😂

New Path behind a paywall? zzzzz

I cannot use Linux as my daily driver, I am not that advanced

PowerShell is a-maze-ballz

I use all three major OSes daily but Linux main for nearly 20 years

Plus I play video games alot in my free time, so I use windows for that

It's not about being advanced, it about having the most endurance to fix the damn thing every time it breaks down for no reason.

Exactly

That sounds a lot like Windows!

@sinful moon you going to dc ever?? Totally wanna meet you irl.

and your SO

lol I have no such plans

For me, personally, windows is more stable

traveling is not something I get to do unless it’s a special occation

I mean once in a while I'll have some problems

But fixing the problem is easier on windows, for me personally

https://tenor.com/view/he-got-cancelled-keemstar-he-got-called-out-removed-cancel-culture-gif-21882741

Linux at least tells you what’s wrong so it’s easy to fix. Windows makes it opaque behind a hex code and all answers online are people asking questions with no answers on Microsoft TechNet lol

Stability is a relevent term... frfr...

Different problems, same horror.

The biggest problem I faced was when I was playing a pirated game and it didn't work properly cause Defender stopped it

And don’t at me if you’ve never had to use BlueScreenView and Windbg to figure out why your WIndows server in production is broken

lol

Windows keeps on changing day to day and you never know which flavor is under that chocolate... 🍫

they don't let you even see under the wrapper....

I updated to Windows 24H2 on my work computer and it literally bricked my install

Personally I did it manually.

Yikes...

omg it's gonna be some good chili btw.. I'm so excite

What chili?

I can smell it on my face hairs....

You analyzed Windows crash dumps without a debugging tool? You’re either crazy or….

This may win awards... if I actually replicate it again.

I prefer the term mad.

I do mean the full developer level BSOD time dumps

fair enough

either way Windbg does actually ingest those natively lol

I used Chris Titus's windows Utility to clean up some windows bloat

I mean.. if you're not crazy.. what are you doing here??

And stop updates (the security updates still happen)

https://tenor.com/view/this-is-fine-fire-house-burning-okay-gif-5263684

Buddy, I developed AR glasses just to see if I could.

All of those can be fixed in Local Group Policy without trusting some rando

for Kratos

fair.. welcome. 🙂

If you just mean one machine

Fair enough

Speaking of machines.. I need to get my ESXi stuffs up to date.. and ... cloud migration... for MS... omg.. I've got so much to keep me awake for 7000 hours on my 30 hours alloted...

I'm watching a video on the 4chan hack

lol Proxmox when tho EZ

7000 hours? What are you doing? Running a marathon?

Migration was easy for me thankfully

It feels good to see a cesspool website like 4chan get hacked

2035????

ouch

I'm planning on pushing all Azure for 2026-7...

Personally I had to do it or my ESXi features would degrade the usefulness of my homelab

full server migrations and all if I can.

VMUG is dead unless you really want to earn some VMware certs

offsite...

What does your homelab look like? Personally, mine just looks like a bunch of garbage machines put together.

plans be ... brewing...

lol let me share the image I always do

I am betting a solid 5$ that offsec will take over the CVE program

https://tenor.com/view/gato-gato-lamiendo-gato-paleta-lamiendo-gif-15858928605675053640

This reminds me, I should probably change my PC setup a bit so it's more convenient for me

I have hopes and dreams.. don't smash my dreams with your hopes. 🤣

That was..out of context.

And I should also clean my PC from the inside

https://media.discordapp.net/attachments/680459914828972076/1290479311358398514/dell-pet-430v4.png?ex=68005383&is=67ff0203&hm=d163725c60b914deb872b4556358ffcbd197c044f330f2ca7785260edec00eac&

Those are easy to get!

Dell PowerEdge T430 with dual xeons, 256 GB of RAM and 64TB of storage

yeah it’s 2016 era so wasn’t bad

I totally just wanna work in a datacenter and do tape backups again... headphones in... no cares.. just do the things and go get paid.....

Oh.. I found another undetected virus too... but then I got let go.. so... they kinda muffed.

I just had to have dat iDRAC and I administrate PowerEdges at work, just remotely 800 miles away so it was neat getting to set one up and do everything

Yep. Can't say the same about Tesla K80s though. They're super cheap, and I'm building a new VBIOS for them so I can..well, let's just say so things can surpass kepler--by a mile.

lol you all are distracting me from my ‘Murca Truck Simulator but I sure don’t mind. lol I just need to be distracted after today

Can it remote 40 lightyears away?

@sinful moon okay to DM?

lol what does that even mean, but no it’s limited to local, I don’t have any reason to have remote iDRAC access via VPN or otherwise since I never leave the house

EZ you don’t have to ask, we’ve chatted in DMs tons but sure

More of a formality for the THM chat.. but yeah. I still wanted to ask.

Totally fair

40 lightyears = 40 years for a photon to reach it's destination

Although it's technically the information that takes so long, as the information of a photon has rest mass, slowing it down. However, a photon reaches everywhere in the universe within..NULL amount of MS.

Laymon's terms:
Takes 40 years to establish a connection on SSH and any info sent will have 40 year latency over fiber.

lol I know what a lightyear is and I question the relevance still

the relevance:
My brain going on hyperdrive and breaking the universe in fundamental ways.

lol alright

Either way, yeah it’s running Proxmox now and going great including SATA passthrough to blu-ray drives for media acquisition which is no small feat

That's great!

Yee, just had to manually edit configs to low level assign each of the two drives to a different VM

hello Elizabeth!

Final post here is how it’s done: https://forum.proxmox.com/threads/how-to-do-a-scsi-passthrough.111505/

If you don’t do this, disc drives are basically paravirtualized and you can’t access low level hardware features directly

Enough for raw data but not more advanced media tasks

That was interesting to figure out but I’m glad I found that post. Still requires some trial and error despite being able just to list your drives

since lol my iDRAC presents the ISOs I have on the SD card as a virtual drive of the same standing physically

Anyways just a fun aside

Just really a pity about Broadcom and VMware, I used to be an evangelist of theirs with over 15 years experience with VMware products

now yeah don’t touch them with a ten foot pole for work or homelab (although free Workstation Pro I can’t complain with people using, just too little too late)

I literally was paying them $200 a year for VMUG to get all VMware license keys for strictly personal use, but nope that wasn’t enough for them. Gotta buy and pass a VMware certificate now too to even qualify

Also shh, this is actually a better server than half of our clients

We have so many that are even worse PowerEdge towers with 64GB of RAM

Oh yes let’s host three+ graphical Windows 2022 servers on 64GB of RAM. That will end well. They are not happy if they all reboot at the same time

And… commence disk thrashing. Despite the RAID they really struggle

I think I won as last person standing in chat, I out ranted the rest unfortunately. Don’t mind that everyone should be asleep now

lol

I can run 3 windows servers on 8 gb ram

I’m built different

actually I have an ansible-navigator question

I mean Ray, sure but to production workloads and with a GUI instead of Core? Idle doesn’t say much

One I’m thinking of is Domain Controller and two line of service business application servers each running SQL and more

Sorry Wrap, I’m still learning Ansible. Sadly not required at all at the scale of my current job

Damn.

all g

I am the only Linux admin and can afford to treat each server as pets rather than a generic unit, besides the Docker stuff I roll up

I’m just pretend I understood all that but I hope u find peace in typing out ur thoughts

Might haveta explain it to me like I’m 5 for me to understand

I'm trying to follow the documentation to learn it but I'm getting stuck lol the commands aren't working

The old chatgpt trick

Okie Ray, no worries. Keep it up despite your RAM limits. Although if you haven’t done much I would highly recommend learning Active Directory and Group Policy and setting up a mini-lab with them

THM has some good rooms on the basics

Ram limits

Ooh

Where do I find them rooms

I’d ask you more but I’d probably get too wrapped up in troubleshooting tech I’ve barely used lol

I was going through the beginner stuff over winter break but then my classes started up and I kinda got busy and put it on hold

don't worry about it, just venting lol

Here’s the very basics: https://tryhackme.com/room/winadbasics

AD and GPO is how you manage (on prem) an entire Windows domain for a business

I'm at the part where we're supposed to be learning how to run playbooks inside of containers, so that we don't need to worry about playbooks failing because of varied environments.

...But the damn container isn't working for me and neither is ansible lmao

You know settings you hate that Microsoft removed from Windows like “Download updates but ask me to install” and etc? That’s still all available in Group Policy. You can configure all machines in a business to do that for example

ah lol warp

Bro your Pfp

I forgot that guys name

https://tenor.com/view/steve-harvey-gif-24496348

ssssssssSteeve
Haaaaaarveyyyy

When I joined HTB it was all the rage, they got the sticker and the emojis too and they spammed the heck out of it. It was great

Although he’s right up there with Dr Oz with peddling nonsense TV to housewives lol

That’s going a bit far, I mean the same catagory of brainrot lol

wdym lol

daytime TV vibes

oh yeah

I don't think I've met anyone under 50 that watches it on purpose

Did you guys have watched Money Hiest (Webseries on Netflix)?

although it is fun to watch the clips, he is actually funny sometimes and has some good advice for kiddos

eh debatable at times since often it’s just what makes good TV for dem housewives and etc. Which yeah I guess as you say is a class that’s kinda aged out of what we would expect

but lol I want more tech chat, something something I made a Group Policy change that fixed everything today at work

nah, still pissed at podman and ansible rn

can't figure out what's going on here at all

eh technically it was the opposite. We inherited an awfully setup domain from another IT company. They configured everything in Default Domain Policy rather than their own GPOs. We ran into a snag with some security software which did a check if Windows Firewall was enabled…. whoops old IT disabled it domain wide by pushing “Disabled” Domain Firewall Profile.

boss was like, remove that crap. So today was just me fixing what broke after reverting Windows Firewall to “Not Configured” aka on per machine

Honestly it was trivial, just allowed the server to have inbound to the line of business app, but I wasn’t certain ahead of time what all would break. Most software is pretty good about proactively adding to Windows Firewall, enabled or not

wat lol

What do you mean?

the last one wasn't super clear to me tbh

Hello Guys any body know that when I try to play King of hill it show me error. I mean it show error like "For intermidiate level" kind of.

Typically on install, apps will just add themselves as Windows Firewall rules when run as admin. Our EDR did for example despite the firewall being technically disabled.

So this line of business app just needed quick manual firewall rule added to allow inbound traffic to the server

as soon as I resolved that, client complaints that can’t access line of business app disappeared with under 15 min of work. Windows Firewall by default only blocks inbound by default, so outbound from the clients were fine. Server just needed a tweak

Good job

Thanks but it was ez and I just looked up the docs

I have a question ?

Literally just this, doesn’t matter me saying the app since it’s everywhere: https://us-kb.sage.com/portal/app/portlets/results/viewsolution.jsp?solutionid=220924460105259

nicee!

Yeah ez pz win, but fair it was my boss who told me to break it with outcomes I couldn’t always anticipate and I did try some. But lol we don’t have logins to this app

After I made the change to revert Windows Firewall to stock in Group Policy, I just did some quick reading and yeah sysadmins were just like, lol just see what breaks and fix it, it’s not hard.

While I wouldn’t advise that for larger companies, for this small client it was more than fine

lol sounds like a lot of fun

just another day in IT lol, it’s not actually that exciting, just illustrative lol

We’re just such a small MSP that I wear very many job roles and yeah sysadmin being amongst the top, along with sole infosec person

Frankly I was less worried about this than restricting old NTLM versions, and we have not taken the step to disable NTLM entirely. But I did enable SMB message signing and more

Even with auditing enabled for that, it could mean a ton of legacy network printers break and that is no fun at all

I FIGURED IT OUT BY CHANCE!
I had a typo.
I wrote: ansible.buildin.debug
and not: ansible.builtin.debug

lol ouch, glad you figured it out

it's always a typo, ALWAYS

Yeah I wouldn’t have caught that if you did give full context

anyways lol I could rant about random IT stuff all day. Its a trip is what I’ll say

from mundane to wtf

lol like the time I found Kerbostable account in a domain… it was for the default domain Administrator. Someone was running a service as domain admin back in the early 00s and due to AD/GPO just being passed on to new DCs over the years, that was lingering in the background

Huge security concern, literally said it was originally created for a Windows 2000 Advanced Server machine that’s been gone for a long long time.

That was very satisfying to fix with no repercussions

Just funny finding 20 year old nightmares your predecessors used as a quick hack and forgot about

lol

It seems like a really cool nightmare to have, needing to migrate 20 year plus old systems to modern infra

Can’t recommend this tool enough for anyone who needs to administrate or security audit AD/GPO: https://www.pingcastle.com

Even stock, Windows AD/GPO is insecure out of the box in the name of legacy compatibility you likely don’t need

that's heckin' rough man...

Yee but I’m so glad we have tools like this to easily analyze, just straight up tells you what needs to be resolved

and yeah many of these domains have just been going for 20 years with little thought or insight

lol if you ever inherent 12+ client domains like I did, this is a game changer for immediately actionable security improvements for each

Thanks! I copied it to my notes!

also a 1-100 overall risk score that it provides is easy to sell to management/C-Suite if you need changes approved

You work for an msp I take it?

yee, for the last four years

it’s a blessing and a curse c:

lol nice

how'd you make your way into that?

Pros: I wear all the hats of multiple formal titles in other firms, Cons: I wear all those hats…

I joined as Help Desk and quickly proved my security aptitude from rapidly responding and patching log4j vulnerabilities back when that was a concern in late 2021 when I joined

immediately showed management that I could handle infosec and sysadmin. Which I could but that is the exact moment I signed up for TryHackMe, since I was all self taught previously and had been out of the game somewhat

I just knew I needed to up my game and get with the times since most of my, erm, information security learning, was hands on in the mid to late 00s

When are you gonna make the jump for a devsecops job?

Help Desk may get a bad rap, but no it’s one of the best ways to get started in both IT and infosec as SwiftOnSecurity often professes to. It’s good to have a handle on the day to day of IT and end user expectations rather than sitting up on a security perch above it all, expecting your changes to rain down from above with no impact

Yeah I’m applying to a Linux sysadmin/devops role atm. Not quite infosec as I wanted but Linux is my jam and so is sysadmin

Good luck!!

I'll be waiting for your usn to transition from green to maroon!

Thanks! I was distracted by tax season but now that that’s through, I’m going to make my stab

lol the colors are based on level on THM, so it’s just this same green all the way up from where I’m at

I’m at what max level used to be

lol you ever play any mmorpgs like osrs or wow?

Yeah I’ve played WoW Vanilla/Classic and enjoy that, but enjoy other MMOs like FF XIV, Guild Wars 2, and (Japanese pre English launch) Phantasy Star Online 2

I kinda bounced off the official English/western launch of PSO2 and haven’t made another attempt, let alone the new “Genesis” redesign the did

gw2 was cool, classic was AWESOME!

back in 2014 all western players would play on Japanese servers with a DLL translation injection patch

ps02?

mhmm, although I still prefer actual Vanilla over Classic for WoW. But I’m not a hardcore WoW fan

Phantasy Star Online 2

can anyone tell me where to find Workflow Id for an incident in sentinel ?

No, try #room-help or #defending-azure-path

when I was a little kid I used to play SilkRoad Online, but you can't really play it anymore because of bots and the company died a looong time ago 😦

LIkely not many walkthroughs atm, but those will be soon to come

The monsters were so cool, and the magic system was pretty imaginative

I think I tried that sorta thing once and it was just not my jam

but I may be thinking of MapleStory lol

PPO2 graphics remind me a bit of destiny 2

it’s just kinda 2012 era if you mean the non-genesis stuff. Doesn’t look bad

yeah

yeah, SRO wasn't for everybody. I was a kid though and my imagination ran wild in that game, not so much when I grew up lol

Despite that, due to being f2p it was very well optimized for machines of the era so it flew on something decent (PSO2 I mean)

I listened to Halo theme after so many years and it's still goated

Yes and now you should replay them all

Halo: MCC is in a great state these days

I am a massive Halo nerd, but admittedly mostly for the Bungie era of games

Lol I should

halo has been on my list for yearsssssss

I used to play the demo for Halo 2 OVER and OVER again for months because I couldn't afford to buy the game

Mhmm I just did recently and had a great time

It's probably going to be one of my first purchases when I upgrade my computer

lol was it a Vista demo? I wasn’t aware of Halo 2 having an Xbox demo due to the rushed dev

I am currently replaying the God Of War franchise

lol we can well

I'll complete the assassins creed franchise after this

yupppp!

I have many games on my list to play

Halo 2 multiplayer and XBL is just when I got broadband internet and it was a magical experience

What's yall's favourite games?

what do you mean I can play with 15 other people in a “Big Team Battle”

lol that was my top rank in Halo 2 MP on OG XBL

Sounds like you had a fun childhood

mhmm, more like early teens but same difference

It's common to see hackers who were games in their youth

Hackers + other fields of cybersecurity

Alterac Valley in WoW was my FAVORITE battleground because of the huge 40 vs 40 battles, sometimes with bosses, magic flying everywhere

Changes depending on my mood and the day but: Shadow of the Colossus, Katamari Damacy, Rez, Halo 2, Metroid Prime

that’s at least the top 5 I’m giving right now lol

I’ve played too many games to consider realistically but those all left a lasting impact on me

I wish to play all those but I don't get time 😭

College exams really are annoying

lol I never got that far in WoW. Don’t misunderstand, I love classic WoW but I usually get bored in level 20s

and I ironically play most MMOs singleplayer until I’m forced to do otherwise

Nowadays I just play CS2 for maybe 1-1.5 hours with friends

Single players are more peaceful to play

Coincidentally every single title I named is from PS2/Xbox/GC generation so lol I have a vibe there

But I have too many “favorite games” to even list lol

my whole family played on a pvp server, so we got ganked all the time. Really gave us the push to 'get even' lol

ah lol wild

yeah I’m much more of a PvE kinda player

can we all be honest

It may sound silly but I just enjoy the story and atmosphere of MMOs, the stuff most people just ignore to grind to max level lol

gaming is a big waste of time

so is any hobby

give up guitar, waste of time

you could be learning infosec!

really? bruh why?

Guitar could make u friend

Once you get into IT you will understand that balance is key

I am all about tech but if that’s your job and whole life then it’s exhausting af

Hobbies are healthy and help people unwind

I speak from experience being all about tech myself lol

I just want to be employed😭 and buy a 2M$ apartment in Australia ,then live a peaceful life. Is that possible for cybersecurity???????

lol good luck my dude

I agree, but that's kind of the point. Your mind needs a chance to relax and recoup.

Of course all things in moderation, but for most people videogames are the safest way for us to escape. Some live in unsafe areas, or don't have enough space or money for a more tangible hobby.

Personally I did quit gaming because I became addicted to it, best thing I ever did. But most people don't go to the extreme that I did

Whew I can’t say I was ever addicted to gaming but that may be understandable if you went deep down that MMO pathway lol

gotta get you to sub somehow lol

do u have a job in cybersecurity Elizabeth

yes

OH DANG

is it stressful?

yes lol

Morning 🌞

which is all the more reason to have hobbies and interests to unwind with

Do u think in your perspective that the salaries are high?

I mean every job is stressful at some point, isn't it

That depends on many factors, but I’ll just say this is an over 3x increase in pay from my previous unrelated job

From my experience, the only stress I encounter is a lack of pre-requisites before an engagement starts 😆

Mhmm, imho which is why even experienced folks like me are here and presumably yourself

Infosec never stops, continuing education all the time

so it can be nice to have a break

YOU CAN START FROM HERE

Is your job a senior or a junior job?

agreed, I neglected this for a year when learning infosec and pentesting and got burnt out fast

Wow boolean-based SQLi is a lot of work

WHY ARE U SHOUTING AT ME

N/A, I’m a Windows sysadmin, Linux sysadmin, sole infosec professional, devops, compliance manager, and still help desk in one. Just small business things

so one could say that’s senior but lol I’ve never gotten a bump in title since I’ve started. But lol this is like a ~10 person org as an MSP

Maybe a little deep for the direction the conversation took; but I learned that if you aren't paying attention, you can end up mistaking your successes as your purpose in life.

People too easily devote themselves to what they perceive as their purpose without judging whether it should be. ofc I was a kid, but it might help to share

one last thing I wanna ask is whether your job is flexible compared to SWE or software dev?

That’s a really good take. Agreed

Even if you kid, many kinda live this way

Professionally I’ve been a Graphic Designer, a Web Developer, a Home Health Care Professional, a Teacher in public schools…. on top of all the silly roles I listed above

Never great to pidgin hole yourself into one field. Being able to adapt is great

I THINK THIS NOT SURE

870 points for MS sentinel chall, insane! 😄

YOU PROACTIVE

https://tenor.com/view/idiocracy-idiocracy-movie-movie-idiocracy-luke-wilson-gif-13326295852468392208

congrats on your fake internet points!

I kid though, I do love how TryHackMe gamifies learning but I feel this new leaderboard system is questionable

and leads to abuse where people just spam answers from a walkthrough without learning, which we’ve seen happen in this chat plenty

one last thing I wanna ask is whether your job is flexible compared to SWE or software dev?

totally ruins the entire point lol

agreed, i'm literally doing it rn

command + F then find the keyword

I’m not sure what you’re asking by that. But on flexability I’m 100% remote I can say

ay everyone.

My place of business is 800 miles away

you drive there daily ?

Just United States things, not like that’s a brag these days but we won’t get into that

hi

are you in cali ?

I am technically an independent contractor

nah I’m east coast-ish

good night everybody, good talk and good luck!

that's nice I guess.

G’night if your’e headed out Warp, great chatting!

Yee, max “flexibility” but that means the small company just pushed the burden of handling taxes and more off on me because it’s cheaper to do so than to figure out how to do remote work properly

but yeah in a weird way I’m legally my own business rn 🙃

it sounds like you're dealing with a bit of a frustrating situation. the company is prioritizing cost savings over investing in remote work infrastructure, which is putting more burden on you. have you considered discussing potential solutions or compromises with your employer ?

I mean we’re a company of ~10 people, I will and have survived with this situation

It’s honestly nbd, I just have to set aside money for taxes instead of getting a refund

as a small company, resources can be limited, and it can be tough to navigate these kinds of challenges. you've managed so far, and that's great.

lol thanks?

You sound like ChatGPT output or something

Lmfao

that can be a bit of a planning challenge, but at least it's manageable. setting aside money for taxes can help you stay on top of your finances. if you need any tips on tax planning or budgeting, feel free to ask🥲

lol confirmed

"feel free to ask"

this is fucking heights

lol wow

who uses chatgpt to converse daily lol

I MEAN THIS GIRL LIKE THIS

that would be the peak of social loneliness

"GPT, WHAT DO I DO NOW???? THEY FIGURED IT OUT!"

not accusing this dude but the idea is wild

If you’re serious I do apologize but for real, even at my most professional I don’t sound like this. I appreciate the thought either way

🤦🏼‍♂️

the problem with chatgpt is it's made fancy english exclusive to itself

So well-spoken they think you're chatgpt

W

so if you sound genuinely empathetic or something, you're labelled as AI 🤣

BEAUTIFUL

But colleges think you're using ChatGPT if you even use an em dash now, complex English has disappeared off of the face of the Earth

lol I do use the fancy english though for my professional writing and email responses and I’m ironically more formal than that is

truly beautiful. a knight fork

You're in the marvel rivals server do you play

Weird condrunum.

academia's gotten pretty strict, huh ? using an em dash is suddenly a red flag for AI-generated content. it's like they're expecting students to write in plain text only. complex English might be taking a hit, but it's interesting to see how language evolves alongside technology.

oh please

yes i play.

ranked?

nah bruh.

oh damn

Very interesting personality you have. @red kite

I mostly play COD. warzone.

I never got too into Warzone since it was infested with cheaters for a while

thank you man.

Gave +1 Rep to @devout palm (current: #26 - 379)

Although not to diss with my own react, as I said above it’s important to have hobbies, just amongst gaming not my personal jam. So far enough

Call of Duty: Warzone had a pretty rough patch with cheaters, didn't it? It's frustrating when you're trying to enjoy a game, and cheaters ruin the experience. maybe you'll give it another shot now that they've likely implemented more anti-cheat measures bruh.

you should try gaming.

😭 I don't like battle royales too much to begin with

I’ve been gaming since I was three, try me bro

But I do like very competitive games

Sonic 1 and Aladdin for Sega Genesis were my very first games 🙃

I'm 20 I don't even know what the Sega Genesis is

lol
that's the problem. you should probably keep playing.

whew we’re failing the younger gens

oh I see, what games can you play ?

Sega Genesis is a 16 bit console released a year or two before Super Nintendo

Making games is more fun

With Unity

I haven't found the perfect game yet tbh

I have a bunch of potential candidates, but I'm waiting on more advanced hardware to run them on

lol old.
who plays Nintendo in 2025 ?💀

I like 3D/AR

…

those kind of games

fully immersive experience type shit

switch 2 just released

Me

I just like playing the popular competitive shooters

So I take it youre not getting a Switch 2 indeed

I like retro stuff.

or even keep up with current events in gaming

me too!

you can't compare that to play station 5.

nah

you should try a different gaming console.

come on, try harder if you’re going to troll

Such as?

I don't play either so I can't compare

but since switch 2 released, it implies people still play Nintendo in 2025

I do agree the Switch is a lil eh, they apparently still haven't upgraded the joycon technology to prevent the inevitable degradation

Most likely to keep people buying new joycons

We still don’t know exactly what they’ve done besides lol, “not hall effect”

they just claim they “fixed it” lol. We shall see

I love the hall effect

actually, the Nintendo switch 2 hasn't been released yet. there's been a revelation about the Switch 2, but it's scheduled for release on June 5, 2025. this indicates that people are still invested in Nintendo, and the Switch remains a popular console.

I'll never go back to other keyboards

uh

what

Yeah they’re still going

my point was exactly that people are still invested in nintendo

okay bruh.

Oh wow it's coming out on my birthday

I didn't know that

Nice!

I am a PC gamer main these days but yeah I’ll probably pick one up

you should probably get one as a birthday present.

stop right there.

I'm okay I stick to my pc 😭

oh do tell Ofye

what does your prompt have to say this time?

you in cali ?

huh ?

Nope I am on the other side of the country

okay.

Honestly tempted by a deck more so

Yeah I’ve got a Steam Deck OLED and would recommend it more highly at the moment

I've some some interesting hackery use cases for a deck, a little portable horsepower would go a long way

Yeah I’ve seen people using it as wild SDR workstations with backpacks full of antenna and more lol

this may sound a little bit stupid, but is there any certification in cybersecurity for an entry-level guy? Tysm

I mean Security+ is the most boring normal entry level cert that’s not hard to get

SAL1 for blue teaming

Sec+ for general

I say as someone who has only studied and not taken it

What's the content?

I've been considering that one

thank you

Gave +1 Rep to @mellow narwhal (current: #176 - 48)

thank you

As Zag says, kinda just general. It’s a baseline

For my first cert, I'm considering either Sec+ or Pentest+

kinda like A+ is like “oh I can work with tech half way decent”

as we all know CEH is a joke

All I can say to that is that PenTest+ is much newer, thus the promotion with THM, but might as well if it’s covered by your org or place of education

Haven’t heard bad things per say, just if what TryHackMe’s path that gave you that discount was any indication, yeah nothing special

but lol I don’t even know if that promo is still going

Both are around the same cost

so I could take either

Sec+ is a wider entry level cert, pentest+ is more specialised and the step up

this is just for the sake of getting one at least before joining college lol

Sec+ and PenTest+? I’d just go with Security since it proves you know the basics vs a somewhat unproven cert. I’m no hiring expert however, just think about the HR final boss for applying to a job and what they may know are industry standards

I plan to do more specializations like CPTS later on, like in 2026 or 2027

Bear in mind it might expire, higher effort

but yeah Ninja has a good take

Oh yeah, Comptia expires

Is it 3 years?

correct

Yep

how do you get CPEs to upkeep it?

Didn’t use to but they want that re-occuring income

because I cba to do comptia material regularly

wait you have to pay for upkeeping it? without an option to use CPEs?

or whatever those credits are called?

Usually CPE plus an annual fee

Yeah no then lol

I have enough things to regularly spend money on

Anything else you suggest for an entry level cert which isn't CompTIA?

Nothing that doesn't expire

Oh well

Avoid anything that isn't proctored too IMO

Yeah I might go for the CPTS directly then

Morning folks

It's getting some reasonable recognition but it's not there yet

Yeah I mean, it doesn't expire, which is a good thing. It's practical, which is another

My skill level currently isn't enough to pass it, of course, but I'm working towards that

Is it proctored tho?

It is high enough to comfortably pass Sec+ or Pentest+ though, which I would've probably done if not for the annual fee

I’d just apply a bit of healthy skepticism to CompTIA before you go all in on such a venture, but fair I don’t know the whole story abut this

I don't think so, but I'll double check

Every cert provider should have some healthy skepticism applied

In the UK they overhauled the whole system for being certified for Gov work

also notice how suspiciously chatbot replies have disappeared

Made everyone's certs almost useless overnight

Yeah for sure

That was forces mostly outside the cert providers too

Yeah it's not proctored. You're allowed to use any resources like in a typical pentest

Aside from cheating of course

So like. What stops someone else taking it in your place? There's no integrity, like SAL1

You mean someone physically taking it in my place?

oh lol I still remember the day someone here was proud of passing the new THM cert by just using AI and understanding none of it

Hey guys, where can I give feedback on the randomly shutting down of machines? First the target machine was killed, after reconnecting the attack box was killed. This sucks

I mean you do need to sign an NDA afaik

Well it's not physically, as it's remote

#feedback-and-ideas

because it was “open book” which they defended to a T

Ok so you swear you are playing by the rules? That's... Not a secure system

Then you mean by livestreaming the exam to a third party or something?

Yeah that's true

We're security professionals, we should hold ourselves to an appropriate standard

Proctored as most exams are

I wasn't aware that CompTIA exams were proctored tbh

I swear I'll never do anything against the rules to get financial gain by getting employment. Some people will happily cheat

Generally you have to show photo id etc

yee I followed all rules to get fananical gain already having employment lol

For real though THM is fantastic for getting someone up to speed who hadn’t been deep into infosec in years beyond headlines I can personally attest

For my side of the industry, I must provide one passport photo, one form of ID from Group A (Photo ID) and two forms of Group B ID (Anything except a mobile phone contract with my address on it).

And even after all that, I must go to the post office to have my photo and the same documents checked as well.

And then wait for a enhanced criminal record check

whew for which cert?

or certifying body

Ah yes, the people known for exploiting systems, following the loosely enforced rules of a system

I was both half kidding but also being serious. My learning on THM resulted in massive benefit for my current position. Just wasn’t talking certs

Any of the Security Industry Authority licences/courses in the UK.

For example, Security Guarding, Door Supervision, CCTV Operator, Close Protection, Cash and Valuables in Transit and Vehicle Immobilization (Northern Ireland Only)

That’s wild but somewhat understandable

I would say it stops cheating but it doesn't sadly

Was worried it was for a technical cert more traditionally

Lots of dodgy training providers

Give us xyz money and we'll pass you

Ouch

It's why at my workplace you can only do your training (paid for) via our chosen provider

sounds like the organized crime in :/

The SIA debated licencing pentesters at one point (but was out of scope for the legislation)

Hi

Everyone

How are you

Meanwhile we have no such provisions, just a small org so it’s out of pocket (but tax deductable! lol) for me

I wish spending money was tax deductable

I think I said it above but as a legal entity I am my own business as an independent contractor lol

Can be!

Not something I asked for 🙃

I get a tax rebate for cleaning my uniform

And any equipment I purchase for work

sup buddy.

really?
I could buy a new GPU and say its for work...

Depends on the tax laws in your jurisdiction and justification for purchases

I probably won’t but theoretically I could say the three month cloud license for THM AWS/Azure is a business expense since for me yep it’s helping and necessary to my “business needs”

3 things we can't avoid: 1/Death 2/Taxes 3/Change

I am no tax expert however, take nothing I said as advice

Anybody now any drak web services or chat room

know ✅️
now❌️

Your PFP guy looks dope

Know ok

Why would you want that?

Well it's me 😂

sybau

Because i want to explore it

What if I'm pentesting Minecraft or RDR?

Probably unlikely to have that approved

A burp licence on the other hand

do you have the alienware laptop ??

We have a name for that and it’s just reverse engineering and modding, sorry not tax decutable… ah nevermind that’s your point

No

you should get one, it helps alot.

Ok
I understand

plus like what would you write off for that? Ada Pro license or something? lol

I'd buy a whole arsenal of security tools to save on tax

Alienware is garbage

Ignore that, you can do infosec learning on any hardware, they’re not being helpful

What if THM subs were tax deductable?

to you son.

@sinful moon ok

My remote pentesting server is 2 cores 4GB of RAM, and even that is over specced for most needs when terminal only

Well first of all, I'm not your son, I'm probably older than you. But Alienware is garbage and overkill for pe testing.

No i just want to order some some guns

For self defense

That's why