#general
cat ello
Until your head of defence sends war plans to his lawyer and wife signal is great
opsec was poop
matrix is a chat communications protocol
synapse is a setup for a matrix server
the main client for it is here: https://element.io/
Is it good btw?
Considering your privacy focus
debatable
Safest is to meet IRL without any devices
Eh
There are benefits to online benefits to offline it’s not as simple as meeting irl to create good opsec
naah irl is full of cameras and drones and satellites
And traces of travel and location, witnesses
Speaking personally I’m super recognisable
and handling salmon under suspicious circumstances while wearing armor in the parliament after walk with a 2 by 4 on the sidewalk
Does anyone know of a website where I can view all of my data that has/is exposed? (From an email)
Thanks.
or haveibeenpwned
I’ve always wondered Jabba is there a reason you picked ferb from that show any reason behind it?
Matching profile pictures with my friendship group
HaveIbeenPwned is a good one
Ahhh
There must be a Perry somewhere 
Loved that character
I never watched the show
One of the few shows I got to watch as a child
I just screen recorded myself talking on my Chromebook and compiled it with adobe express
Hello everyone, this is my first message in the server. I have a quick question: I just completed the Pre-Security and Cybersecurity 101 paths. I'm planning to move into Web App Pentesting.
Should I start with the jr Penetration Tester path or the Web Fundamentals path before jumping into the Web App Pentesting path?
Really depends personally I’d recommend the web fundamentals
It depends on your previous knowledge and level of comfort
web fundamentals before web app pentesting is ideal yes
unless you have previous knowledge in said fields
Well that’s heart warming I have the same opinion as shadow makes me feel good about myself!
Jr pentester
As it also touches on web apps
It's important to get some understanding of other ports as they sometimes interfere with web pentesting
But do both (jr pentester and webapp fundamentals) then go into webapp pentesting
I'm going to complete all three paths, Jr pt, Web Fundamentals, and Web App pt, but I'm not sure which one I should start with: Jr pt, Web Fundamentals, no prior knowledge
i guess i'll go jr pt then web fund then web app pt
yeah that would line up with shadow's recommended order
jr pt will help a lot for any of the offensive security
perfect, i guess it's a plan. started last month, tryhackme has been amazing, i'll start showing up here then.
Gl on your journey 
Web fundamentals is the basis, otherwise tools like Wireshark won't make much sense.
Wireshark isn't included in jr pentester, is it?
Hey
I thought that was on SOC 1
It is in soc to my memory
Please don't promote here.
Smart hones are supposed to be smart right?! As a blind person smart tech has actually caused no end of problems. From complex computer interfaces with no screen reader, to removing physical buttons, to inaccessible apps, smart tech has changed how we engage with everything at home. Technology designed to make life easier has actually made life ...
ah yes problems
Sorry. Its my bad
I do not remember, but even if it's included you will learn to use the various wireshark methodologies and not how web connections happen.
i just checked both paths when i finish jr pt i've completed 80+% of the web fundamentals
yeah there is a decent bit of overlap
hello
hi
Question, the ai bot that's inside the rooms that's on the bottom left side, can i access it outside the rooms? i only have 1 and it's the support one
sup my bro
Some of the rooms have it others don’t
wassu
end to end encrypted messages using matrix with a client like element can indeed provide more security and privacy
but the setup cost and finding spaces to chat with people for it is harder than discord
anyways this shadow whadow is gonna go for meep moop sleep sloop to the beep boops now :D
@atomic cargo if you read under your first message I referred you to this
Haii
its more for Hands-on and gives u the basis BUT it does have unwanted information in it imo but id start with Web Fundamentals if ur Completely new then once u know the basics of WebApps n how they work then move to Jr pt path.
Ok, side note
💪
I'm working on a CTF and just wanted to ask what topics would you guys like to see?
Advanced Red Teaming courses, come dms
Error Based SQLI but make it VERYYYYYYYY hard to find add a bunch of products/web pages etc like a bunch 😭
Maybe I could add some IDOR as clues leading to vulnerable subdomains for that
Yes
Great, thanks for the idea
yo wsup guys
and add Decoy admin pages to fake them out but add a real one with limited privilege
Did you get your brother to allow you to hack him?
That's just evil
I like it
yep i did
LOL Make them work for that flag 😭
i have access to his cam now :}
but i told him and he laugh so much about it :} and he says I KNOW THAT 😄
he dont know it he lie
also u can escalate ur privileges with admin cookies hidden and encoded in base64
I kinda made a ctf like that in google sites but I forgot to make the subdomains unpredictable
😭
I stuck to gag sites after that
😫

^^
All the clues lead to a fake 404 where the next clues are in comments
I did the same thing with my custom cipher
After solving the already ridiculous substitution code and 10-pair integer replacement
💀
I have a question: Is setting up a VPN in my home lab beneficial for the overall security of my home network?
oh god
Are we talking about processors littering the floor or botnets using their processing power? In both cases this is not the right place
Hey guys, im new here. I was wondering if anyone would be interested in helping me fight off a hacker who keeps spamming one of my emails and wont stop brute forcing trying to get in? Any help or advice would be great
What did the police say?
Did not know that was a step i should take
When you put it like that. yea. You're probably right
If they found your account on social media you could probably manage to squeeze in a stalking charge there too
Is there a reason they're doing this?
Do you know them?
It was a stupid phishing email that gave me a chrome extension and no i do not
I miss clicked my keyboard at like 2am when i had to get up to check an email. self inflicted but dayum it caused a lot
I do not know them
we dont do that here
We don't?
Ok, my apologies
What did you do?
You’re fine , I think there’s a line between fighting back and helping protecting yourself
Makes sense to me, thank you
Gave +1 Rep to @crystal mauve (current: #283 - 26)
Did u check your emails , they delete emails so u can’t see what’s been compromised
Change pswds, 2fa if u can
I did a lot of things after i noticed it was off. 2 factor saved my ass in the first place. Changed all my accounts to a new email i made on my work pc at work. different MS account, different device, different network
U can check file paths on task manager , if they don’t go to sys 32 could b something
Interesting. I did fully reinstall my main machine's OS as well.
Bought new car
Which model?
sup dudes!
I also want to know what model (I'm a Subaru person myself, hoping it's one of those :3)
hello Mr W. Craft, how are you
hey guys im looking for a download for a version of kali with no gui included
what
cant seem to find it anywhere
if you download kali from the installer images on their website, the installer allows you to choose between certain guis, you might be able to just, not select one.
ok
yeah thanks just wasnt sure if i would get an option for that since im installing onto a raspberry pi
Gave +1 Rep to @flint spade (current: #2830 - 1)
i found a workaround for it anyway
sick, glad to see you got a workaround. I was about to run through an install myself just to have a look. 100% recommend running things through a vm if you have the chance to, just to check that things will work the way you intend 😄
damn guys
i need a bigger sd card anyway yikes
my tiny brain
awesome job mate!
Bmw E46
what a beauty
Project for 2025
what are the plans for it?
Fix it and then we'll see
fair enough 😅 having it run properly is a good starting point
This guy is on my tv
It's running properly, just some rust and oil stuff that needs to be fixed, then brakes changed and height changed, then some lights changed
Can i disown you? It's a BMW!
My current is also a BMW
Why, it's a good car?
👍
Because BMW drivers are assholes, I'm sorry. Y'all don't use blinkers, run people off roads,
Do y'all not have a lever for blinkers? lol
Stereotypes
I thought that was the stereotype for drivers in NYC
And they thought we were crazy
how do you get league locked legend
some people have it but im not sure how to obtain it
That was in like the 80’s too. Now they have dragon fly drones
Where’s your name plates at
yeah let me just go drop another $5 on that rq
I have one issue with my lecturer, the fact he's making us do error code correction on encryptions when we should be just denying it if it's wrong 
Why is uni like this
Because reasons 😂 it almost feels like education is jumping through hoops simply to prove you can do it
I know you can do it, but like, just no
You can still get wrong corrections smh
ECC on a TCP package? Sure, go for it
ECC on the encrypted payload? Smh
It’s crazy how much influence one individual can have on your education in that setting
I'm never doing what he's teaching on the job
It's just so flawed
hey every little bit helps in understanding, but honestly i have no ficking clue what youre talking about so i could be wrong 😂
aight aight lesson for soul
One of my other lectures said a device can't communicate on multiple networks, completely ignoring the fact phones do exactly that
can someone tell me what ecc is 👉 👈
From a business perspective, there's a huge value in finishing that degree: it tells your boss that you are capable of writing a report on a subject you don't care about, and is largely irrelevant to anything you are currently doing.
And I hate to say it, but even with relevant coursework it's sometimes difficult to come up with toy examples that match the use case of the subject perfectly. It's pretty common for a toy example to be not exactly right for what is being demonstrated because it shows the underlying principle but is actually never a thing you'd actually do
Honestly, this is one of the things that you shouldn't ever be taught (not ECC alone, but doing ECC on encryptions)
ECC is Error Correction Code, if I remember the order of the acronym correctly, it's basically a function that corrects errors in a TCP package that can occur for various reasons
def but honestly im with ashlynn in the regards that uni isnt the best for learning, just a level of discipline. however, you can definitely pick a nugget or two of lessons there
whats the context
ecc on a payload
But the lecturer is getting us to do ECC on the encrypted payload
uhh thats what she said and i know what tcp is
just dont know ecc on tcp?
like encrypting a tcp package with this ecc which appears to be something for error correction?
Correcting errors on a TCP package
Usually some weird af math equations to do it
ah but isnt tcp already reliable as a data transferring thinga mabab
fick math, but still
It's reliable cause it's self healing due to error corrections and retransmission
ye and ecc does not do that or does it make it better?
ECC is what corrects the errors
I've only ever seen ECC used for asymmetric key-pair encryption steps, like session negotiation for a DH key. If they are encrypting data at rest with it, it might be a learning lesson on why you don't do that
Its good if you're not working on encryptions usually
but if we ARE working on encryption, then?
Cause it tends to happen on the whole package and not the encrypted payload
Generally if the encryption is wrong you just deny it
I've had profs do that with difficult-to-compute concepts when I was in school.
It could also be that the prof lacks industry experience.... Impossible to tell from this vantage.
At least that's how my workplace operates
wait so u work and go to uni?
im like bloody confused why so much anger to poor ecc
like what did he do
other than correct your errors smh
Like we could have RSA and it could be missing one of bit and we just go "lol no, go away" and deny the request
ok, we have been talking past each other. I understood ECC to be elliptical curve not error checking
Yeah, I'm just expressing my distastefulness of my lecturer
Teaching things we shouldn't be doing on the job lmao
Tbf i should've been clearer, my bad lmao
riiight thats my cue to kinda walk away -- since when did drawing get into encryption;-;
Elliptical Curves are fine
from what i remember, you'd just use a rolling CRC checksum for tcp stuff. but application can certainly use a different algorithm. If it's a non-standard error check algorithm, prof might be using it to prevent google copy pasta answers
There's nothing wrong with that
Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys to provide equivalent security, compared to cryptosystems based on modular exponentiation in Galois fields, such as the RSA cryptosystem and ElGamal cryptosystem.
Elliptic c...
i understand your frustration, but id still say anything you learn is worthwhile, even if it is an example of what not to do. but hey the fact youre questioning things shows critical thinking so props to you:p
THANK YOU, prob shouldve done that myself 😂
Gave +1 Rep to @whole yew (current: #11 - 834)
Yeah, normally we just do it on the actual package, and it's up to the application to tell if the payload is correct or not
could someone help me with something quickly? I posted in help channel but everyone is here 
actually man im at home, not here, so...
sowwy bad joke 😂
do you enjoy work? is it better than uni?
Cause I used | instead of << and it caused me so much pain
A lot better than uni 😅
OHH I KNOW THIS AT LEASTTTT
how so?
Company I work for does satellite comms and stuff
I am but a lowly jnr atm tho
Next year I should be able to steal myself a security analyst position at another company
right, tcp guarantees delivery is as intended - if the intent is to transfer a file, it makes sense to have a separate application check to make sure it not only arrived completely, but wasn't changed with an on-path attack. I've seen a case where the file contents was changed as part of the on-path and the client did not validate the md5 because it was a "trusted" server with a self-signed cert
so uhh you hack aliens and stuff... cool cool. please do let me know if theres an alien invasion in advance thx!
That's...mmm
an um jr in what? like jr pentester or sum thhing else
i was an intern
Nah I'm the blue team
sounds like a junior dev position, possibly sysadmin
Jr. Security Engineer
damn sounds hella smart, im sure youll go far as long as ecc aint in your boat
But I'm currently working with our dev team
have you had to face any intense attacks
im like hella curious cuz im starting work soon as well dont know if i go red or blue
None that I'm allowed to disclose unfortunately
SO YESH
so you are embedded with a devops team? or is it an older style of dev?
no worries 😂
We just follow standard soft dev lifecycle
typically stuff like that is time-bound in the NDA that is part of the employment contract. give it a few years and then the stories start to come out
but uh if u were to compare red and blue, what would you say blue has over red? or are you in blue to go into red soon?
No agile or anything
ill be there aliens from outer space hacked into earth!
that's not really a thing. every shop is different; i've seen about a dozen different ways for the agile scrum to be implemented, and that's not counting the actual deployment to prod. that's just the coding side of the project
I did a bit of red team on hackerone for a bit, but I honestly prefer blue team, I enjoy finding a bunch of ways to detect intrusions or make an attacker's life pain
every project manager does things slightly differently, even if it's nominally the 'standard' agile scrum, or waterfall
Both of which also make my life pain cause the systems are stupidly complex
oh nooo, dont let ecc hurt you;-;
i pwomise i wont do ecc encryptions on payload
or whatnot
We just follow the whole Requirements, Mockup, dev, test, release, patch, repeat
Iirc is waterfall?
I never bothered to actually learn the terms properly lmao
I just follow whatever process we have at work
what makes the jr analyst life full of pain is the context that the mid- and senior level analysts know because they have been there long enough to figure out the tribal knowledge. juniors have it tough because tribal knowledge is never written down
i love how theres two people in chat, one whos a complete dumbass and the other who can lowkey hack the planet 😂
Yeah I had to figure out SATCOM payloads on my own cause it wasn't fully documented
morning
waterfall is step by step. if there's a problem, you go back to step 1 and start over. if it comes out the requirements were bad in the testing phase, time to redo requirements, then design, then implementation, then you can test again.
Basically what we do yeah
It's much more common in embedded systems dev, as there really isn't a 'fail fast' methodology that works with board development
I don't question my PM unless it's something obviously wrong
But I'm not assigned to embedded atm
Applications Dev is the team I'm with atm
@knotty valve why redacted.. did they get you
It was a joke from another server I'm in
Not yet 
Hehehehheheheheh😅
Currently down atm
Damnnnn
I was supposed to setup a VPS for it
Nah don't need a db
Okie dokie
Ty for the tip tho
What’s the site for
Write-ups mainly
Okie dokie
Or random notes that I found fun from studies
same same I made one in a blog format so anyone can chat shit if they want 😂
Lmao nice
Money spent on tattoos: $3,500
Money spent on piercings: what the hell?!
That would be mine
😂
I'm surprised I got my job lmao
2 times walked past a murderer
Normally most employers don't like people with their neck tattooed
They can get over it 😠
I’ve been thinking about getting an arm tattoo but I want it to be meaningful so ima wait
Honestly fair, better to have meaning imho or just something you really like, it can always develop meaning later on
Most of mine have meaning, except two which are there cause I love floral designs and moths 😅
nice
Hi everyone. What is the current number of SAL1 holders?
Try some lavender oil before bed on your pillow
a nightmare is a manifestation of fear. in my nightmares i kinda stopped running and started fighting (lost and died), but death in dreams is generally a sign of change
nightmares have stopped
and that my friends is another episode of who asked 😂
lol that’s good advice tho , I had a night tremor once that put me in the hospital
Thought I was in a video game and kept falling on the same bridge , was prob 10 yrs old
I’d wake up , fall back asleep n go back to the same lvl
If nightmares or night terrors are ever a concern, consulting your doctor is better than consulting people on the internet imho
True ^ def requires professional help @leaden marsh
Unless he’s just signing lyrics to a metal song
lol 
Me as I'm listening to metal while waiting for something to do at work
I could read the plethora of documentation we have on radio comms and satcom tbh
hey guys does anyone know how to build labs for a specific cve to support ???
the cve is not specified
Key thing would be understanding the exploit first, write-ups, NIST/CVE disclosure, etc. try finding a PoC that explains it and replicate it
I find I learn it better by dissecting the PoC rather than reading the write ups tbh
Could do both w some metal, that silver chord gojira song comes to mind
Cause PoCs tend to be very minimal in description for some reason
what's a PoC?
Proof of Concept
It'll be a snippet of code that proves that the exploit is possible against a minimal mock up
What exploit y’all yapping about
I.e. the Erlang OTP one
That's a fun thing to look into
Relatively basic in premise
I believe they're asking more generalised
yup
Since they said they didn't specify a specific cve
But yeah, find a cve that looks interesting, look into the NIST records or any write up on it, find a good, minimal, proof of concept and try and replicate it in a virtual machine
mind if i dm you???
I'd rather keep it here since it'll help others as well if it's in a centralised space
My dog keeps eating flies
the things you say i might lose because of the numerous messages if i want to check later
i see
You can always save the message link too
I'll try to do that
so read the writeups , understand PoC
about the Exploit
that's it right ?
Yep and setup a VM to try it yourself with a minimal setup
I was vibing to bring me the horizon
different cves might have different os specifications right ?
They can yeah
yup I'll ask gpt if i can't find them ig
A CVE specific to windows will only work on windows, but a CVE on a web app would work regardless of OS
yeah a little nervous
I'm*
I'll have an assessment where if i fail to do leads to losing the job opportunity
Don't be, as long as you keep it inside of a VM and not test directly on a company it'll be safe
Look, all you need is a pass
tomorrow
Don't stress over the passing, just that you understand what's happening
I know people who flunked school but are extremely good at breaking cryptography
I get it tbh
I was hella nervous submitting my technical analysis on Stuxnet
What really matters is that you learn from where you missed marks, and that you understand the fundamentals of what's going on
Don't need to be the next super hacker lol
There's plenty of time to master the trade
okay 😂
yes i will
Best of luck with the assessment btw
thanks @knotty valve
Gave +1 Rep to @knotty valve (current: #2830 - 1)
No probs
does anybody know how many questions are on the security+ exam?
up to 90 as far as i know
thats that doctah peppah
check your DMs when you get a sec
Hacker
has tryhackme helped anyone land a job
@cloud quiver Hey hi Captain, long time no see
helped me land 2 CVEs under my belt
Hacker
so, id argue it probably helped people land jobs
Hi 🙂
like which ones
Many people 🙂 . Check out #cyber-and-careers if you're looking for a career advice 🙂
which ones
i dont think i can self promo here but just check my profile
they are on my github
Is that Dr. Peppa?
the router ones?
yep
i did indeed
Hell yeah brother!
ikr
im so proud of myself
it's like my biggest accomplishment
i flex it everywhere lol
I might find some in a WP plugin or theme I'm still looking for time. I'm currently reimaging my workstation and organizing at the moment.
😭
I've got to move a folder 😱
you're so organized it's scary. my desktop looks like its icons were just puked out onto the screen
It's still growing too 😭
yeah no. my machine has files labeled as "garbage i need" "garbage i dont need" pretty sure one folder on my D drive is just labeled "stuff"
I'm going to have a fully organized workstation for everything I do on a day-to-day basis. I'm preparing my structure and organization for university.
lol

I don't violate copyright
that's a no no
:(
||not in anyway promoting privacy or condoning copyright infringement just a funny joke between 2 friends..||
lol
My uni organisation is chaotic
Only thing organised is Obsidian for all my lecture notes
Toolings, scripts, workshops/labs, that's all over the place
Which is the opposite to my work organisation which is immaculately clean and collected lmfao
what ?
its ok lmao
HELLO GUYS 👏
What’s up w that 5 dollar router lol
lol awesome

now you guys know what router not to buy

Youre welcome
ive been trying to get command injection on it with no success but that would be prettttyyy cool.
Advanced Encryption Standard - Dr Mike Pound explains this ubiquitous encryption technique.
n.b in the matrix multiplication animation, the matrices are in the incorrect order, but hopefully the animation still helps to illustrate the general idea.
One Encryption Standard to Rule Them All! : https://youtu.be/VYech-c5Dic
Almost All Web Encrypt...
Morning children of the sand
Why would you remove the speakers, wifi card and touch pad from an MSI Modern 15 laptop?
Ubuntu is installed on it, could it be that it's missing drivers and the person doesn't know how to install them and that's what he means by them being removed? 
i remember you asking about this before. if it seems too good to be true, it probably is.
when you say "remove" you're talking about physically removed right? previously you said they simply weren't working i believe.
sounds sketchy.
Morning all
Morning! 
Hello can somebody help with a query.????
I love this emoji

Morning brother worm
Yea noone answered. I guess ill have to just see when it arrives! Im not sure if they physically removed or if its just not working. On the pictures it still looks like the touch pad is attached
Me too! Hes perfect!
morning everyone, how's it going?
hey mate, its going good! eyes burning my havent finished the coffee yet! How are u?
Quite fantastic actually, going to play some games and then grind THM for the rest of the day 😄
Morning all 💻
Sounds like a wonderful day!
Morning mr booty
how's it going for you so far?
Good! Eyes burning less, waiting for a client to respond to an email, only working halfday so cant complain! How bout you, have u rebooted yet?
mornin
I still have not been to sleep yet lol, been on my grind all night, it's 7:54 am (UK) 🙈 working on a little business project 💪🏻 I should really get some sleep
Morning
took apart a laptop yesterday and now it doesnt give a display anymore 
Lenovo?
acer
only led that turns on seems to be the power led
im taking it all apart again later
so fun 
sounds like it!
since your message is already sent in room help
someone will help but just be patient
see? kgb is already helping
Ah, thank you very much 🙂
Hi
Big ups KGB
Might not be named root.txt
Also the sh looks to be on your machine
i have a question is it okay to binge read the blue teaming tools and work in security 101 like i have decided to build my career in pen testing
I did find / -type name root.xt 2>/dev/null but nothing 🙂
Seemed to be a ram issue
Its still overheating like crazy
I changed the thermalpaste and blew out the dust, any other things i could do?
Probably depends about how thoroughly you cleaned as you need to make sure the vents/fans are clean
Maybe in BIOS you could check the fan control settings?
Did you knock out the display cable accidentally?
i have a question is it okay to binge read the blue teaming tools and work in security 101 like i have decided to build my career in pen testing
please if anyone can answer my question
Display it working again now just that the cpu and gpu are 90 degrees constantly
I did but it did not have an option
Its an old one
The fan might be dead
Well yeah, if you switched out the thermalpaste, cleaned everything thoroughly, then the next thing to look at is probably if you even have any fans or if they are dead xD
That would cause heating
Should check if it's plugged in tbh
Yes
Hay
This is like the fourth time I've had to tell you to use #room-help
If it's thm content, it's room help.
@worthy fossil I don't appreciate being ignored.
Yes, I know and moving there
😂
Are you ok there?
Yaah.. Yaah, I am Fine
So what's with the response of the laughing emoji then?
I wonder why people do same mistake again n again.. and i saw you said 4th time.. So this got me laugh.. Assuming that laughing isn't a rule break & crime..

I just don't see what is funny about...
Cuz you are not the third party... You are the playing in the conversation & i am spectating.
Assuming you have watch Squid game Web Series. You can understand it better.
i found a cool alternate solution to this (this is from intro to xss room)
my ss below shows the solution given in the room walkthrough
i tried to do it on my own before reading the solution
and i was able to get an xss here with ';</script><script>alert("THM");</script>
probably something very silly but i wanted to share it regardless
hello
good morning everyone 🙂
hello guys please i need some help.
the task was to create a rule to flag a file's IP id
this is the created rule : alert imcp any any <> any any (msg: "ID TEST"; id:35369; sid: 100001; rev:1;)
when i ran on the pcap file i get no alerts
this is a snort issue
did anyone face this issue
@wind hamlet try #room-help
ok thanks
Gave +1 Rep to @echo wasp (current: #1405 - 3)
Glad that you liked it. You might want to revisit the room after it got a couple of extra questions. 😄
not gonna lie, i've noticed my skill & knowledge grow a lot by using THM & other providers. only thing i dislike is the amount of theoretical answers i need to give while there's no real value in some of the questions
There are quite a few different xss payloads you can use.
You can also swap alert for prompt.
';alert('xss');'
i thought you don't want to have the ;' at the end
isn't that the whole point of // after the alert function
It was just an example of loads of others.
You can import images, mouse overs, two clicks etc
i see, thanks for sharing
will read up on those as well
Gave +1 Rep to @sick lance (current: #2 - 3672)

@blissful current enjoy vacation
off to Goa day after tomorrow lol
and then next week i have a Technical Interview as a Unity Developer (Game dev) ;--;
iz my first interview ...lets see how it goes next week
Hello everyone!
Hi bro
Does anyone know when there will be another discount campaign for Premium Membership?
Non event?
Probably black Friday or AoC.
Damn it’s far away
Over 1472
Scrubz how are your studies going?
Good, I only have 3 exams left then I graduate.
Nice, I hope you ace em!
That is INSAAAAANE
Wat?
For what. a user? or what?
Everybody is going to be different.
Can't provide a general number.
Which one?
Again, I can't provide that, as everybody will be unique.
But from where
Many platforms offer an "Ethical hacking" course.
I just finished a CTF where I had to analyze a PCAP file and find a C2 server... the answer was 127.0.0.1
crazy.
Hello try hack me team ! Just got a job as a cyber assistant, big thx to the thm platform for all the learn ! Wanna ask something, which one is the best blue team learning path ? Did a lot of red team but not much blue, let me know 🙂
Regarding?
🍿
congrats on your job mate
Congrats man! pretty cool, I'm wanting to go into blue teaming Im almost done with pre security then I was going to move onto cybersec101 not sure about afterwards, defo want to do SOC l1 but not sure if i should do something before that
you always held the key to enlightenment
plot twist of the century
how to hack yourself in 5 minutes
i hacked localhost:7000
i pretended to be me and asked myself for my password the other day
social engineer myself
the social engineering attack actually succeeded

make one for this server and i'll replace it with cybr
i wonder who spread the virus
i'm yet to encounter it
Thx bud ! Actually I’m doing the cybersec101 pretty good learning so far. Will take a look for more blue team room
Gave +1 Rep to @restive roost (current: #1405 - 3)
:hammer: spellx_#0 has been banned.
I have no idea what that thing is
A server has been created in to a guild, and members get a tag in their name.
Now everybody is joining the server to have the tag.
I need to create a new malware vm.
😄
I need to stop procrastinating, I get lazy for a couple months and come back and THM has leagues, new levels... you guys been busy 
i believe he's being held hostage
stay strong Scrubz
Look at their server
Stats
It's actually insane how many ppl joined lmao
i don't want it
It's not really..
Ye it is, check their joining stats before and after dc added it
It was not even close to same pace
i bet 95% of people who joined just wanted the "cool" badge
True
ppl like shiny things
It's still free marketing
Cat got the thousand yard stare
Afternoon chat!
Skidy should make one for this server, it's basically free
Think it's only open to certain servers
I believe discord updated it
now it can be "bought" with 3 server boosts
hello :}
well lol
hi
Where!? Shiny?! 
Look at the shiny guild badge 
yeah the fan is dead
Anyone completing the MWR 2025 internship room??
hello
fr its at 90 degrees idle
Oooooo prettttyyyy
Please don’t advertise here
Okay
Will do, thank you! 🙂
Hey DKob!
gm
How is everyone doing?
Not bad at all how about you?
Hey there, is anyone in silver league
Bro -_-
I have a question, Is the Lightning Lessons a group lesson like all the registered members to join at once?
Me
I am in silver league
What is your rank
🙂what name ?
Not Alive
It's dil8 is 1.
???
-_-
See
Hi, can anyone help out i am facing issue with AD breachingad like i was able to access the page but cant do anything at all
Might be a different instance/server
Yess that's what I am trying to know 🗞️
Go to #room-help
😅
Different instance according to time zone.. not dmz
I think
as network like tryhackme i don't think there is network segmentation with dmz or without it @crystal mauve
Check the pins.
Hope you're doing well! I’ve been designing websites for a while, but I’m really struggling to make consistent money from it. I’d love your advice—did you face this early on? Any tips on finding clients, pricing, or niches that work? Or if you know anyone looking for design help, I’d appreciate an intro!
i love how random people come in here and ask to help them with Bruteforcing Social media accs, Simswapping, etc
...Wat?
DmZ as demilitarized zone thing ?
a perimeter network?
devices that are outside fw and so on network. weird to explain
hi needed some help about branches in colleges
i m getting electronics, mechanical and many others
i wanted some opinions about them and which offers wide domains
electronics and Communication Engineering
Electrical and Electronics Engineering
these are 2 which i dont know the difference in
that ikd also
what exactly does this field have
anyone joining the webinar?

nice. same here
Took a small break from work to be there.
you took a small break from work...to join a webinar about getting job-ready in cyber haha
iirc @naive violet doing electronic things. might he can shine light
@sick lance tryhackme use league leaderboard with people same timezone
There's always something to learn. 😉
@loud marlin yes
Oh, yeah.
I thought you were referring to the networks.
Electrical - mains power
Comms - networking and telco
I'd imagine?
ha?
@timid prism electrical engineering is about high voltage and current and electronic is low voltage low current.. trust me I am ass engg electrical 🤣
lol
In electronic we only work with low voltage and current.. not 440 or 1kamp
But in electrical we go 600v,440v 2k10k amp
ill do some research on them in a few days after one exam, if tht goes well i will take up cs
else ill have to decide between every other branch other than cs
i have all options available (depending on the uni) which i chose
but other than that what are your views bout the branch u are in ? like what jobs do they have is it a good field to take up
I am not employed in that field, I do hacking
Largely electronics
Will we get access to the Webinar recording?
A DMZ Network is an edge network that protects and adds an extra security layer to a corporation's internal local-area network from untrusted traffic. A common design for DMZ is a subnetwork that sits between the public internet and internal networks. Yeah that
will we have a new room today ?
How can peepl go undetected through a dmz subnet…
Great webinar Marta & Tinus! Thanks for the insight.
Oh it was Marta and Tinus, which I joined now
Good stuff. Hope they do more little short webinars like that.
The zoom chat was wild. It was the THM black market lol.
yer it was interesting
Probably should get mods for it next time, not sure if it can be moderated though.
There were links to real hacking groups.
That will be THM.
That was tmi
report
Remember this place is literally some members work environment.
so many links that you start to be afraid from the chat
i just didnt use the chat icl
It was interesting to say the least.
fr
i was glad i went though its nice to see thm doing stuff like that
Tinus has taught me quite a few things. 😄
seems super knowledge on the topic tbh
who was the speaker?
always nice to hear from people who have that kind of knowledge
Was the webinar recorded by chance? I thought it's in 20 minutes :')
Yeah, talk about trial by fire for cybersec enthusiasts. Lol
Tinus is a THM staff member.
I won't say which one if they didn't introduce themselves.
Tinus just mentioned being a senior content engineer IIRC. But nothing more.
i already landed myself a pentesting job at this moment. (Learning it on company time) going from Sys Admin to Pentester.
damn i got too late to join the webinar
Hey all! Just checking in after the lightning lesson, hope you all had fun! We'll have more information on followup for you soon 🙂
If you liked it, do let us know - we're trying it out, and your voice matters for how we continue doing these 😎
Your profile picture looks so much like you! Who's the artist behind it?
Yes, please more short format webinars like this.
The THM design team! They kindly decided to design a character based off my likeness for last year's AoC, I've been using it since 😄
Looks adorable, well done.
We have another one for Azure in ~30mins, maybe you can catch that one? 😄
Is it recorded?
Was that announced? I didn't see anything about it.
It was recorded, but I'm not sure about our approach for releasing the recording or parts of it, so can't confirm anything
Ah I see it now
how could we get the link for it?
Join this 45-minute live bootcamp run by one of our Azure experts, to walk through real-world attack scenarios using Microsoft Defender XDR.
You'll explore how to detect, investigate, and respond to threats across the kill chain—from initial access to lateral movement—using the same tools defenders use in the field.
After the session, we'l...
it is over
hi, what happened from here and up?
Nothing?
Not me rushing to create a Zoom commercial account
He is like a hacking encyclopedia, so much knowledge and a great teacher!
Guys, how do you find a lost/stolen phone but i don't remember the email password and neither i have the phone box with me
Contact your mobile operator, they should be able to bar it
Barring a phone prevents it from connecting to any mobile network. (Regardless of the provider) basically making it useless unless taken out the regions where barring is in place
Yes
what's that pfp wideboi
@silver sky hey man how's your health rn
I'm not sure that you can get that back
Yes that is kind of a dead end...... But still i was wondering if someone can help me in this
they might have taken the sim card out, couldn't guess the pin and broke it, etc
Or hard reset it
yeah
Through laptop
Are you sure it was stolen? Was the email account linked to a recovery email?
You probably can't.
Your chances are pretty slim
Doesn't help if you can't remember the email, the box is useless.
I didn't set up the phone...... It was my father's phone and my brother set it up so i don't know much about it
I remember the mail but not the password
Can help
Then go through the support about password reset
And don't know if recovery mail was added or not
How? 🙂
That's the catch..... The sim card with which the email was registered was in the same phone
I cannot get into google find my device
You don't need the SIM.
Do u remember your number? Or ip address
How do i remember the ip?
This doesn't sound too ethical.
I know both phone number which was inside the phone
How are you supposed to get it back ethically anyways?
Google support?
They would still not help
And by now they would have reset the phone
They may be able give you access, however you've probably got zero chance of reclaiming the phone
Correct
So email won't help and the sim cards would be out of the phone
You'd need the password.
could report it to.. or wait nvm i see what you mean
it depends
Bruh honestly it's gone ,just let it go
what type of phone was it
Android
Yeah what's the brand
brand i meant
OnePlus
It had a lot of data and documents inside it
Not on the cloud
They need the email: password
dang
It was physically stored
Yah I totally understand ya pain,but u gotta let it go
Yeah cloud
Contact Google, try reclaim the account, and then see if you can download the document
he doesn't remember the password or gmail
That gonna take a lot of paper work
If it was uploaded anywhere on the cloud like google photos or backed up anyhow then i could have retrieved it
That's correct
Mr. Robot knows everything.. 🙂
I remember the gmail but i am not sure because as i said "my brother set up the phone not me"
I guess the most you can do is reflect on what you did wrong, and how you can improve it
Well the phone belonged to my father
Got a point
And he is in his 60's which is a vulnerable age to this kind of things
Oh i thought you lost it
Nah man.........
That's deep
And i couldn't help him out in any way is a sad thing
Wish I could do something but ,it's a zero hour
Because when he said he lost the phone, i knew it will not be possible for me to do anything because i didn't have anything
Like gmail and password
They said they had the email
And he usually avoids taking his phone prior to his last experience when he lost his phone in the same market
Never mind
I know i am at the dead end at this level........ Not like some high officials who can get their phone back
Ask the admin
Anyone know why my Npcap loopback adapter is being auto assigned an APIPA address? It's not being recognized as a loopback and returns false as one
it was an amazing webinar, thanks marta!!
Thanks a lot for this amazing content ❤️
Hey, a quick question
Do you use a shared IP or a Personal IP
No

how long do you guys reckon i should try THM out before i decide on getting premium?
I mean I just knew today that my router doesn't access the internet directly my router first connect to my ISPs router then my ISPs router connects to the internet
money's not really a problem i'm just stingy haha
Did u try the free rooms?
Just have your dad say something mean about Xi Jin Ping and the CCP will locate the phone in an instant
i'm planning to go through like, a hundred of them first before deciding
Where can I rewatch todays webinar about defender xdr?
Huaqiangbein in Shenzhen, China and then random phone market there. 90% of stolen phones end up there lmao
I prob fucked up the names a bit
Unfortunately i am not chinese
yeah saw that on a shorts today, really cool fact
Personally really enjoyed the pathing route so far, I think the 125$ is well worth the resources and community involvement
I learnt it from my friend whose phone got yoinked
"pls unlock phone, we bought this legit"
My wife got investigated by CCP agents on US soil at her college. If your college campus has a Confucius Institute that means there's soft-power CCP surveillance on your campus.
I think most of them were disbanded
Don't any of you know what a shared IP is 🙂
Are you asking how to access the internet outside of an ISP?
fair, since most of the paths are interrupted with premium rooms haha
wild
prob forced to runaway
Why do you want a shared IP?
Their primary goal is to watch over and report back on Chinese students abroad, but their secondary goal is to crack down on negative coverage of China.
My wife was investigated for some presentation she gave about Taiwan
its almost like they're trying too hard and it's basically backfiring haha
What are they planning to do if u do a bit of naughty naughty like saying bad stuff about their precious leader?
I don't want a shared IP
I just want to know do you guys also use shared IP or not
That's insane
Not really surprising but still dumb that's a thing
Public IP?
In theory they can make your life very difficult if you fly through anywhere in East Asia, and essentially bar you from stepping foot inside China, but that's only the most extreme option. But if we were to have a layover in a Chinese airport they'd probably question her about it in a private room
Can we leave politics out the server please.
That's a rule because it makes people argue?
That's something I was expecting but still, it's funny tho.
Doesn't create very positive and polite conversations yeah.
It's understandable honestly, it does open the floodgates to a bunch of conversations that are hard to moderate
kk
fair enough
🔗 Register for Infosec Webcasts, Anti-casts & Summits. –
https://poweredbybhis.com
How do we detect C2 frameworks?
Join us for a free one-hour training session from Faan Rossouw, as he explores C2 frameworks and how they operate.
In this Antisyphon Anticast, Faan will break down C2 frameworks—what they are, how they're built, key ...
I'm surprised thats allowed
Why? You think unethical people will be able to just follow that and go do evil?
Why?
eh kinda
Unethical ppl could find resources from else where way easier lmao
thought it would be more of an advance general topic
Generally, you're right.
But this is such an intro, skip to the end of that video, you'll see it's an overview, really good for Blueteam 😄
REd team already knows all this stuff lol
oh ok lol
Hence, I'll allow it
More so, I'll watch it.
you're right lool
didn't watch the video
just was going off the name
According to @cyan parcel you're not allowed
bookmarks video for later
Also in other news:
Synology has gone evil, and I don't recommend their stuff anymore
what they do
it's printer ink garbage applied to Hard drives
damn
whos mulder
[BUG]
