#general

Or whatever

Literally

i imagine ill lern more once i get to the jr pen test section

You'll also learn more on the job too

Im not sure but i think we have a room for just team.. some mods do not like we ask for teams in #general

Seems we naturally have more people that want to get into the red team than the blue team lol

I'm going from blue to red

Outside of work I sit pretty much in purple

At work I'm blue

I don't see the room you're talking about :c what's the name?

i dont dislike blue team but i just enjoy being a sneaky lil shit lol

if im not sposed ta, i wanna

There's been a few times where I decided being sneaky is boring

So I went very loud in a red team op

May or may not have locked up someone's Sentry database

remeber, it still a succseful sneak mission if there is no one left to be a witness

Turns out the group I did it for didn't even have an IDS

i dont know what this means but it sounds important

I'm not entirely sure which room they usually refer to, can't remember tbh, but I know there's a channel where it's ok to search..

Nor an IPS or even a WAF

#koth maybe?

I also have the most knowledge from blue.. but having skills on both red and blue is important

Maybe.. dont know:S

This isn't a recrument server, the only time we allowed members looking for teams was during the hackfinity event.

the flags in nmap have capitals as the second character is messing me up lol

I got woken up at 7am to fix WiFi ?

Is that a question or a statement?

wtf

A statement

The ? Is me questioning the sanity of the peeson that did it

Because it’s 7am

Did you see what Scrubz wrote: "This isn't a
server, the only time we allowed members looking for teams was during the hackfinity event."

I am soooo tired right now 😭😭

yeah same

Same

I accidentally overslept and missed school

Enroute for my last exam. Woot.

Good luck today

The advantage of being the one who is good at computers in a family...

Thank you.

Gave +1 Rep to @sacred shore (current: #764 - 7)

Ohh, I see, sorry— in which room can I look for a team?

Yes, wish you luck @sick lance

She’s just mad she’s gotta get up for work

there working with one of stays 2 streets over, ive been listing to this amazing constant noise for like 4 days

i might go crazy

So I must too get up

hey do you think we need AVs? I've heard some people say that we don't need them. why not?

Apparently not allowed at all on this server, so maybe if you make some friends here and create your own team, otherwise there are other servers that are not owned by THM that have teams for THM..

Busy.. It's nice that I live alone and don't have to do that.. 😄

That's okay, thank you very much.

Gave +1 Rep to @crystal moss (current: #289 - 26)

...Why would you not need an AV?

ello

No problem, you are welcome.

Hello!

Tbf I’m just here for a couple days I can go home whenever I want.

😆

Ah.. But then it's not as bad for you:D

It’s annoying. You would think after all these years she would change.

That's what I'm confused about. I searched about AVs on google and there was a reddit post saying we don't need them. I ignored it at first but I heard this same thing again and I still don't understand what's going on.

How would you protect yourself agasint malware/virus etc?

With Av

Hehehe.. Well, you think so. But people feel comfortable if someone fixes things for them. They know you'll fix it so they don't have to make an effort..

Maybe they meant no extra AV if you are windows? since you have defender?

Hello. New guy .

welcome

I'm sure they would have said that.. 😅

Yeah. I was thinking about the same thing but this guy is saying that I don't have a AV on my laptop cuz I know what to click on. like bruh not everything is phishing email

Thank you

yeah okay

Hello and welcome!

I said to her last night, leave it and I’ll fix it tomorrow when I’m up. Not wake me up tomorrow.

Ok, that is their decision, however think of the average computer user, do they know?

@crystal moss Thanks

Gave +1 Rep to @crystal moss (current: #283 - 27)

Did they strictly mean the average user, or nobody needs AV (including orgs)which is scary.

You don’t have to click on something to get malware.

Loads of ways to get malware

Many people don't use any third-party AV, but use Defender. Many people who use Windows get by with Defender and a little common sense.

not really. I thought there is something that I'm missing here

You should have defender and malwarebytes

Defender isn't the Defender of yesteryear, it's so much better now.

Yeah that's what I'm trying to tell this person but I guess it's up to him if he wants AV or not.

Now.

@languid torrent I solved the image CTF you talked about very simple 😉

Trust me you'll get it fast if you think about it

I have five 😂

Is Defender sufficient enough to protect a system? I think an average PC should have a third-party AV installed

5 is worse than none.

My system has two

i have none my pc is patient 0 lol

i open all links

But both my AVs look for different things

I have defender, malwarebytes, awd cleaner, R kill and hitman pro

I have one that looks specifically for rootkits

I don't use Windows myself, but from what I understand from many others, Defender is quite good. But then it's all about your own behavior in the end.

https://tenor.com/view/terry-birthday-brooklyn99-terryjeffords-why-gif-13105722

And one that just does everything else

Why

You're just wasting system resources atp

On a mission to create the most secure system or something ? 😂

I wanna make sure I’m not missing something

😂

Also if one is found to have a vulnerability, they can leverage that easier to bypass the rest

Since AVs are seen as a trusted program and typically get skipped

One as in one anti virus ?

Performance issues would be a big one, they'd all compete for the same resources, Each of them would have conflicts.

When two AV's are searchign for the same thing something will get deadlocked... not to mention the resource drain.

check into chat, awful ideas abound

Yes

Nevermind 5.

If you want a deadlock, just use Norton 😂

you cnt convince me tht mcaffe isnt, itself, a virus

The thing is I’ve had malware before and when malwarebytes didn’t pick it up, one of the others did. So I was like I’ll just keep em all

that’s an awful idea

I didn’t know that

Also what if one of them is just scareware

I've never had MWD miss any malware ever.

Are you going to keep it cause it "flags" things

But also like, what the heck are you doing causing so many actual potential threats in the first place

Yeah lmao

nevermind I’m not sure we want to know lol

But you don't need to though. I guess one is enough

Yeah I had it for years and years. Then one day someone got into my pc and I guess I lost trust of it

could have been a false positive or just who knows

Yeah

if you’re ever unsure, just run something through VirusTotal

That's what I hinted at before

Yes... it is good!

Or any.run if I remember the name correctly

any.run is good.

Yes

But they can still bypass the AV if the attacker knows which AVs you're using

I prefer VT though.

Yeah

That's the website that looks up links right?

I’ve not heard of this

VT is just a broader view, but also should not be taken as the word of law, since it’s distributed over so many engines

There's also malwares that can be undetectable to all AVs

gotta use your own brain power to understand the results

any.run is a sandbox like

checks the files if they're malicious or not

Before i was using BitDefender

I’ve heard this is good

Usually zero days or someone crafting the malware based on your AVs

Just stop downloading sketchy stuff

Don't need to target specific AVs at all

Memory Resident Malware is already hard enough to detect

For personal, I am more than happy with Defender. It’s actually more aggressive than I need especially working in infosec. Yeah at work we have a fancy EDR I administrate but that’s not practical for everyone

Many people say it's the best... Or at least it was.

Gotta look into that

but like a healthy dose of common sense is one of the best AV tools

If you can find your way onto a thread that's flagged as trusted, then you also get access to that memory sector

The best form of those kinds of malwares use modulation which is hell to stop in itself

Qotd imo

Just like I wrote earlier, according to many, Defender and common sense usually go a long way.

That's not fun.

Thisss

Indeed, Defender is actually way harder to defeat than many of the consumer options

I don't use anything more than defender on my windows setups

who really stops clicking on links tbh

That's what happens when you have an AV so heavily embedded in the system

I need my Dagoth Ur Skyrim mod tho

mhmm

I mean, I don't click on everything I see.

Or so you say /j

I may get false positives on my demoscene demos, but I know exactly why, they’re packed to the extreme and are doing black magic lol

ez unquarantine

Especially in here, there is only 2 or 3 people I could trust to send me links, the rest of you are investigated like I'm Sherlock.

So what if I sent you google.com

That would not be a link, so nothing.

I'm curious. But not really. Downloading stuff on the other hand is big issue

suprised you don’t investigate links with that same level for everyone tbh lol

I'd still be cautious with links

The really select people are people I know won't send me sketchy shit.

Unless they pre-warn me.

Since drive-by attacks do happen, not every browser will have the necessary security to stop it

The pre warning "open this link if you want a fun virus"

even if my infosec manager friend sent me something yeah I’d think about it, but yeah fair his position does come with a level of not f-ing around-ness

Pretty rare though

No one is burning a browser 0day on normal people

Yeah

mhmm

Keep your stuff updated

^

Yeah it’s not hard

Okay so I cleaned out the other AVs

All my stuff auto updates

Speaking of browsers. Everyone has a preference, what's y'all's?

So I don't need to stress about "is it up to date?"

And when you're on a public Wi-Fi, VPN that shit.

MalwareBytes has a browser link filtering plugin, browserguard

I was actually thwarted at work from forcibly taking over some machines we had full authorization to do so because both bitlockered and too up to date lol

I don't use public wifi

Drop to 4g

And it's excellent.

they just got nuked instead and remade

Where my train goes 4G isn't as reliable.

Nice break then

if no bitlocker, I outlined the steps to replace osk.exe with cmd.exe and launch NT Authority/System cmd on the login screen lol

very fun but yeah Bitlocker broke that idea

I actually use public wifi a lot. The PX and commissary have no signal

F to bitlocker being activated

But also W to the sys admins for ensuring its activated

yeah we were surpised, they had no IT, but fair Bitlocker is being enabled more and more by default

Better than one firm I know

yeah no I had to proactively make sure that all our clients were bitlockered and etc

They're still rolling Windows 8 on PXE boot 😭

lol ouch

It can be, just sit offline and read notes.

Not even 8.1

Straight up 8

FDE should be on every end user device, especially those that leave premises

Not my workplace tho

So not my problem

Airports and stuff usually do that

Meanwhile I will cry for joy when the last of our Server 2016 machines are gone and heck that is still technically Win 10 based

Updates take forever

Embedded/IoT versions are different tho

And LTSC

Yeah these weren't IoT

yea

I was gonna say "don't think they can even run on PXE" then I remember how PoS systems work

God I'm glad I don't have to work with those things anymore

lol dont get me started there

PCI-DSS flashbacks

I had the most hell with PoS card readers

thank goodness so many have just moved to a card reader doing the whole thing

This just reminds me of that time I learned the entire US nuclear arsenal's launch system was still running on an IBM series 1 computer with 8in floppy discs. This was until 2019.

morning guys

I had to buy a MacBook for one specific brand

Because it wouldn't respond to anything else

Only way I could force it to update as well, god I hated it so much

If it's solid, it's solid.
Mil is a whole different game.

Military usually tend to yk

Heavily modify and secure everything

mhmm and even forgetting the technical side for a moment, if card holder data flowed over that computer at any time you’re looking at PCI SAQ C or PCI SAQ D

Cause their sigint and elint teams are nuts

mandatory pen-testing and more

I did find a way to crash card readers few years back

But it was specific to some ancient model

They did this bc it was considered so outdatedmoat people couldn't hack it bc it was coded in B I think. Idr. It's all encrypted SSDs now

...that's not going to be the reason

That's the public reason

I can't even use tryhackme VM on a gov computer half the time 😂

They ain't dropping even a dime's worth of internal reasoning to anything

lol sus, we wont’ question that too much

Just like the nukes they "lost"

Plausible Deniability ftw

I can't remember. It was some program I watch years ago on yt.

Plenty of crappy info floating around

Won't be anywhere near the real reason

Most people can only speculate what happens inside

There's still one somewhere near me from the 60a that just fell off a plane

indeed, I am addicted to informational youtube but I stick to high quality sources

And the people that do know what happens and why are so heavily monitored it's dehumanising

half they time they even cite sources! lol the bare minimum for text based reporting on a subject

I will say though

US Marines know absolutely nothing about OPSEC

Nvm I looked it up. It was in 1958 and the conventional explosivea detonated ... That's fun

Despite the mandatory training for it

It's like they do it then just forget two days later

thus why so many mobile apps have been banned for deployed personnel lol

Us Marines don't know much about much. It's why is other branches call them crayon eaters and jar heads

Yeah lmfao

US themselves used those same tactics to target adversaries

Navy is undeniably queer central (I'm proof)

I was deployed last year and I reported so many people posting there location on Snapchat maps..

....

I'm not even gonna comment

Between windows firewalls and others. Should I just use windows. I did some stuff to it but I was thinking of undoing it and starting again.

loose lips sink ships vibes

I'm National Guard and I like the nickname active army gave us. "nasty girls" lol

Windows default firewall rules is pretty secure as is

As far as the user goes anyway

I know most users just click yes to the "allow through firewall" prompt

For some stupid reason

Exactly. I'm not trying to run from an FPV drone bc PFC Wannabe Rapper wants some clout

By default Windows Firewall blocks all incoming and allows all outgoing, typically the installer will let you know when it’s putting an Allow rule in place

Half the time the installer doesn't even need inbound

obviously Windows services get special privilages depending on your machine’s config

yeah a client we absorbed had Firewall turned off via GPO, so I had the fun time of fixing everything that broke

Smh

boss demanded it happen now. Happy to oblige

I had an issue yesterday. I don’t have any phones linked to my computer from me. I kept getting it come up with two users connected. I checked and they were unknown but I couldn’t remove those accounts even though I’m supposed to be admin.

How would someone get account management without my concern.

How do you know that’s related to phone link specifically

Sounds like a compromised system

🚩

Yeah but every bloody system they’re able to compromise without getting a hold of them.

0 day 0 click

And I can’t secure it before they get in.

Able to find my physical location with and without devices on me.

Probably a rootkit like what was suggested the first time lol

Or someone who's nearby to you

Yeah I’ll refrain from commenting since I don’t know the full scope

Over the last week, symptoms pretty sound like it's either rootkit, an infected adjacent device, or a physical threat actor

I just had to Google 0 Day so I definitely cannot contribute anything useful

It was a rootkit in the last computer . Picture this, I try to reinstall bios to get them out of bios. The next morning I wake up and they’ve left the folder open to rub it in my face.

✌🏻

lol I just know that they’ve had too many weird issues but I can’t attribute without knowing more even with that background (thank you though)

lame didn’t trigger the thank you rep bot

Lmao

That’s weird, why didn’t the bot work 😆

Finished uni work I can do rooms

parenthesis is my only guess

Whoever it is, is a creep

They’ve clearly got an issue with consent

😬

lol either way it’s clear your 5(!) AVs were not helping

Yeah sad

Because it isn’t a malware attack

How though

Ahhh

mhmm which is where EDR kicks in but fair not consumer grade

How does one stay persistent anywhere you are without malware

lolbabs and much much more, many AVs are just dumb signature based

I found those Http redirects too

Some malwares or malicious files can be directly installed in idk what you call them but something like a root in widnows

And looked like C2 sever maybe on wireshark

but again Defender finds even my harder to detect reverse shells just in my notes

so again your AV setup is actively doing you harm lol

I uninstalled them earlier when scrubz said 😓

lol fair enough, so what are you down to? Just defender?

Defender and malwarebytes

so just Malwarebytes

any AV will register itself with Windows Security Center and disable Defender

Or you pissed off the wrong people

That's usually the case for such an advanced tactic

I refused to work for them.

For the first time.. if Linus do it..
https://arstechnica.com/gadgets/2025/05/linux-to-end-support-for-1989s-hottest-chip-the-486-with-next-release/

I’m not a criminal and I won’t ever be manipulated into becoming one

🤷‍♀️

yes we’ve read that, or at least I have

Must of really hurt their ego

Oh well

as much as 486DX2 66Mhz is a dream retro computer of mine, nothing about the modern Linux kernel is ideal for running on those specs

That's why you don't get involved or give a group a reason to be involved with you lol

It's totally bc you took apart the Gameboy. Nintendo didn't like that. /J

alright time for bed, this chat is only making things worse lol, besides Ash, good stuff there!

I wasn’t involved, these were neighbours. They were already in my device.

see ya!

Then just Move™

Already creeping

Good night noir

See ya!

I have a child and I can’t just up and go wherever I want

Night night

Okay and? My parents had two children to raise and still moved from dangerous areas

Ashlynn, you mentioned you were Navy?

Not an excuse lol
You can always find places to move

I don’t have any money. I’m a single mother on benefits

For Networking yeah

I live paycheck to paycheck

I’m on my own I can’t just risk it

Us or AU? I was under the impression you're Australian.

And my family was on the poverty line, rn I'm only hearing excuses to keep yourself in a potentially dangerous position

You clearly don't care about it enough to take any steps to secure yourself or family, other than complaining online where no one can help

Why don't you take your child to live with your biological parents?

In 2021 I was moved into a temp accommodation away from them due to a domestic. I had waited 27 years to get away from them.

That temp accommodation was a shit show.

So I guess you are having conflicts with your family or you simply want to live alone and be in control of your own life.

Surrounded by all these shitty people who were dealing drugs, trafficking people and scamming thousands 🤌🏻

I mean WHY THOUGH

How do I wait years and years to move away from narcissists to end up in this shit

It's difficult

Bc people suck and that's why I live in a camper on the woods. Not even a joke either. I don't want neighbors.

hi everyone

hi

I live by the saying it’s better the devil you know. I can’t say for certain if I went to another country with no money I would get housed, I could end up in an even worse situation.

did tryhackme reset challenges progress for everyone? I see 0 challenges completed?!

Living my dream

#site-support or #site-bugs

Weirdly enough, sometimes when I have the page open but use the rephrase in my browser it's fixea things. I'm not sure why it works but it does.

Ctrl f5 maybe

What are you doing now?

https://tenor.com/view/i-need-to-calm-down-everythings-fine-im-an-adult-angela-smosh-gif-3349884247915859729

Oh I just signed out and in again

was stuck

And your only solution is to move to another country? Wouldn't work that way on any visa unless you had an immigration visa that has to meet specific requirements (which also includes financial)

I'm saying you should maybe spend a little less time on Discord, and look at trying to organise your life so you can make it more secure and stable

Surviving 🤣

Me studying cyber was a way to make it more stable. I thought maybe one day I could defend against the attacks. They took everything. I had a small business too before all this happened and that’s gone.

If someone has full control of your online life you can’t do anything.

1 thing everyone is doing =)))

well not exactly everyone

I tried to immagrate to Iceland it's so hard for Americans to do 😂. I found out New Zealand is actually the easiest place forw to move to because I'm in the US military

A very difficult and challenging profession

New Zealand and Australia are really nice places and they’re usually out of all the world drama

I know 😓

I also don’t enjoy it

So instead of actually trying to establish stability while studying, you're doing what? Other than trying to make your personal issues ours by bringing up the same thing almost every day

Yes, I understand life is difficult, it's hard for everyone but sitting online everyday and moping about it

New Zealand is usually left off of maps too lol. It's a running joke on some map groups and pages I follow

Idek why I'm having this talk with someone who's most likely double my age

Well I ask questions here about it because I’m learning how to fight against it. As far as I believe this is a place to study, is it not.

What’s my age got to do with anything.

A place to study, not for us to be your EDR free of charge

I am also studying, when I study I realize that the school I study is easy to get into but very difficult to get out of 🗿

I didn’t actually know that

Why i can't see how much points i have earn ?

You don’t have to answer

I’m just studying

Oh yea. Usually the joke is removing NZ from the map and if there is Data on a poll , Greenland is always "no data"

Site bug

best way to check how much points you gain is in the dashboard :v

When it's nearly every day you bring up the same thing, kinda hard to avoid it

Please explain how it’s the same thing everyday.

it does that everytime for the last 5/6 rooms for me 🥲

I didn’t even post for weeks on end

But now it’s everyday

And it’s not the same thing everyday. I’ve been asking different things everyday

I'd say chuck it in #site-bugs then

I just wrote a whole message and misspelled most the words... I think that's my que to go to bed.

#site-support or #1333993673381253162

I’ve asked about wireshark, connected devices, building devices.

Yeah, you should rest.

Also if people are so sick of hearing about it, they should stop asking. I am asking about the techy parts and people are asking about the personal
Issue.

Good night then..

I don’t lie so I just answer.

It’s not me “Bringing it up out of the blue”

How can I balance work and rest time? I am always in a state of drowsiness and tiredness.

I’m getting asked

Don’t work after 9pm or have caffeine

You should always try to get up early in the day. Your natural clock works better with studying

I only go to bed after 12 midnight and wake up around 3am, then I can only sleep until 6am.

I leave y'all with a sign on the fence from my local Walmart

grab a frying pan before you go to walmart, if you see an alligator just hit it in the face =)))

It's 4am and I have to bE up at 8am , I look like the dad from Coraline at his computer 😂

I used to wrestle em for fun. They usually don't care about people, like at all. If you walk towards them they tend to move away, especially into water.

Staying up late like that, you should drink a ballerina cappuccina

Why’s there alligators at Walmart 😆

They built a retention pond, so the alligators moved in 😂

Moved in? They just packed up and moved in😅

Morning all

Yep basically. It's very swampy around here so there's alligators everywhere. The retention pond is just more water for em to chill out in

@stoic quarry morning

I'm so confused why I got pinged there lol

mornin silastic

Who pinged you

Check out my sick annotation skills

I love it

Youtube thumbnail tier

your missing the suprised face

Better than the tutor I had fr. He should have been blocked from the whiteboard

Lmao

Why's that

It was me. My mistake

Why didn’t say I was tagged

I decided to look up alligator attacks just toale sure I wasnt wrong about them bothering people and on my state there's been 6 attacks since 2016,all fatal, and all old people.

Old people need a Zimmer frame that is a 360

That’ll stop em

😆

Fixed it

The youngest was 68 the oldest 88. Alligators really just wanna be the only dinosaurs around haha

@stoic quarry I'm pretty sure I typed it correctly from the beginning. But something happened, it still said 404? That's probably why you got pinged.

I’m making this my new phone background

/J

It took me so long to get the joke 🤣

I’m so tired

Take a rest and you will be fine soon

congrats KGB you fully deserve the mod role for sure

fits like a glove

Doesn't it just

Who can I dm about unsolicited DMs while scrubz is in an exam.

How to start a bug bounty career ?

use /report

./report maybe

idk

Requires a message ID but just post the message ID for your one (#general message) and explain in the comments

Join hackerone ond start:)

https://discord.com /channels/521382216299839518/680459914828972076/1371403687175520286

you can ask #site-support

That's more for the site itself

It’s weird because I copied the username but it’s not coming up

They might've left the server

I see

I found them

It’s done

https://tenor.com/view/guns-up-mafia-thats-how-it-works-the-godfather-gif-4653709131293521964

I’ve recently read blogs and spoke to some people about this. They’re saying it’s really hard to get into and the pay is quite low for the average hacker.

They’re saying most of the biggest hackers take the most pay.

its nice for something on the side but i think its hard to get a full time pay out of it

Yeah they were saying to get a full time job. You can’t depend on bug bounty

You're just hunting down bugs and hoping no one else has found it, written a better report, or chained other bugs together. It's in no way a steady and stable job.
There are people who have won 1mil on HackerOne, but that's not an achievable goal for someone who has just started out. You can't realistically support yourself on the hope that you get a nice paying bug bounty.

Its good learning tho

Someone found a pretty massive vulnerability with the McDonalds (india) ordering. You could order any amount of food, to any location, for ₹1.

They paid him $100 in gift cards or something

Sadge

if you bug bounty the dutch government you get a tshirt, with this text: I hacked the Dutch government, and all I got was this lousy T-shirt.

https://eaton-works.com/2024/12/19/mcdelivery-india-hack/

That’s the bare minimum 🥲

This is all he got

That’s crazy

its still 20k rupees

idk if thats alot

It doesn’t even look nice

That's true, at least they gave him something (and approved the blog post, which is an amazing read)

Rather than like

Trying to sue him or get him locked up

July 20 - November 12 for 240 USD. That's not a sustainable income

That’s true. People who are hacking ethically to help shouldn’t ever be locked up.

100%

hey can i ask quick question? its not a help but just for information, does it still has to be in room-help? XD

I think it's an amazing writeup and arguably the blog post is worth more than the amazon gift cards, but yeah, TLDR: You can't live off of bug bounties

Just ask broski you'll be all good

if you find a bountry could you after reporting go back to check if it still exists

if they dont do something with it for example

or it takes forever

Report it again 😆

Then report it on an alt

When Using repeater on bastion hosting website for checking for SQLi, i though it might be good idea to try out more sql injection for practice besides from guided steps and here are the resuling table names, are all these actually tables??

ALL_PLUGINS,APPLICABLE_ROLES,CHARACTER_SETS,CHECK_CONSTRAINTS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,ENABLED_ROLES,ENGINES,EVENTS,FILES,GLOBAL_STATUS,GLOBAL_VARIABLES,KEYWORDS,KEY_CACHES,KEY_COLUMN_USAGE,PARAMETERS,PARTITIONS,PLUGINS,PROCESSLIST,PROFILING,REFERENTIAL_CONSTRAINTS,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,SESSION_STATUS,SESSION_VARIABLES,STATISTICS,SQL_FUNCTIONS,SYSTEM_VARIABLES,TABLES,TABLESPACES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS,GEOMETRY_COLUMNS,SPATIAL_REF_SYS,CLIENT_STATISTICS,INDEX_STATISTICS,INNODB_SYS_DATAFILES,USER_STATISTICS,INNODB_SYS_TABLESTATS,INNODB_LOCKS,INNODB_MUTEXES,INNODB_CMPMEM,INNODB_CMP_PER_INDEX,INNODB_CMP,INNODB_FT_DELETED,INNODB_CMP_RESET,INNODB_LOCK_WAITS,TABLE_STATISTICS,INNODB_TABLESPACES_ENCRYPTION,INNODB_BUFFER_PAGE_LRU,INNODB_SYS_FIELDS,INNODB_CMPMEM_RESET,INNODB_SYS_COLUMNS,INNODB_FT_INDEX_TABLE,INNODB_CMP_PER_INDEX_RESET,user_variables,INNODB_FT_INDEX_CACHE,INNODB_SYS_FOREIGN_COLS,INNODB_FT_BEING_DELETED,INNODB_BUFFER_POOL_STATS,INNODB_TRX,INNODB_SYS_FOREIGN,INNODB_SYS_TABLES,INNODB_FT_DEFAULT_STOPWORD,INNODB_FT_CONFIG,INNODB_BUFFER_PAGE,INNODB_SYS_TABLESPACES,INNODB_METRICS,INNODB_SYS_INDEXES,INNODB_SYS_VIRTUAL,INNODB_TABLESPACES_SCRUBBING,INNODB_SYS_SEMAPHORE_WAITS,people

I think some rooms have hidden objectives.

That looks like tables yeah

so many tables

enumerating all of them sounds tedious

If this is related to another CTF we cannot help 🤓

hello

wassup

https://mariadb.com/kb/en/information-schema-innodb-tables/

Looks like standard schema for mariadb

it is not CTF not related to room task either

just wanted to learn sql more for injection

sql is a very nice to skill to have imo

and enumerate Tables and their columns, but in room they already gave table name and columns walk through

If you see a common term (LIke INNODB) just search it up and you'll find if it's standard/documented somewhere

OHHHHH thanks, didnt knew that

Gave +1 Rep to @stoic quarry (current: #244 - 33)

especially with all the things based of sql: kql, eql etc

https://tenor.com/view/battle-chicken-laugh-street-fight-cat-gif-14649724

poor chimken

Interesting guild tag

man why did they stop guild tags

i mean its a weed, like the plants that everyone wants to get rid off

They didn't?

i heard you can make new guild tags ?

the trashy plants between your tiles

yeah you can its slowly being rolled out i think

Does anyone want some guilds

and you need to have a few boosts i think

yes

okay i am out

I'm having too much fun

i can remove my message

if thats makes the screenshot better

No no no

I was protecting your privacy

its better like this

bro what i ment was they removed creation of new guild tags

Oh Idk

Don't care enough about Discord

fr fr

or at least not about guild tags

until they make an arch tag

then ill be all over that

As soon as something comes out that doesn't have the most cringe inducing marketing and people move to it I'll drop it straight away

remember when nitro was just emojis everywhere and bigger upload

animated banner and gif profile icon

better times

Still annoys me that upload size is something they lock behind a paywall

Take me back to skype

its so dumb

also that the limit used to be like 8mb

idk what it is now

What is it now?

LIke 500kb?

i think it also depends on boosts in the server

That's crazy

yeah here we have 100mb

becuz of level 3 boost

i am down with that

Meanwhile Signal lets me post 2gb files no problem

me uploading google drive links

But sure Discord, give us shiny pixels and tell us how a magical elf tripped over a wire when there's a 500 error

for large files

use zalo

i do like the wumpus

What the hell is a wumpus

https://tenor.com/view/wumpus-cry-sad-gif-21814475

you made him cry

Wumpus is Discord's mascot who appears in branding, easter eggs, stickers, and images throughout the client and website. Wumpus is sometimes used to wave to new users who join a server. It is also prompted when someone starts a new Direct Message.

Imagine if Outlook had a wumpus

outlook would be goated

They gotta make Outlook (New) and Outlook (Legacy) and Outlook (Webapp) all completely different and lacking first

No rooms have been done tdy uni be bs

That's what I'm saying

I have other excuses

Nah what

Why am I here doing assigments of business for some reason and not rooms and brudda here playing 🤣🤣

Do any of you know a good blue team challenge room on thm

guys is using wine or playonlinux cause performance issues ?

Using just wine, yes
Using Proton which builds off of wine: very minimal, sometimes better, or no change at all

so i would be able to play windows games and apps on linux normally ?

Wine isn't built for games, it's built to translate winapi to Linux calls for normal applications
Proton expands off that for all you're graphical side of things

Yes

alr thx

It's also worth checking protondb for statuses of games

Since it is still a translation layer it may not work for everything or be completely stable

in this case why t(luck) will anyone use windows ?

Well are you currently using it?

if so, why?

true i thought linux was limited to games due to easy anti cheat

anyway i realised my laptop is dying and i can't even run tetris lol

it is

(i think)

it is but sometimes actually but

im pretty sure kernel level anti cheats dont work on linux

games who have easy anti cheat r too heavy for my laptop anyway

true

so also no league of legends or valorant etc

no league of legends 😭

haha

i can just run a vm

league of legends is light and won't lag on a vm

• i fucking hate valorant

that game full of hackers already and think easy anti cheat will help lol

well actually 🤓 it uses vanguard

my man

that game is not fun

fr

it uses battle eye too

I used to love valorant

...

And apex

I was addicted tbh

u love apex ;-;

apex was good back in the day

I haven’t played pc games for a year

i used to be addicted to fortnite

lol

thats even worse ngl

fr

worse then valo

i realised fortnite also sucks

I played some Fortnite a while back I can’t build

I made a race track on custom and quit

i played one game back when it was hype but my pc couldnt run it and i never touched it again

ahhaha i was the best builder among my frnds back then

hello there

Fortnite is great

how is everyone doing

u play fortnite ?

great ?

Yes.

oh alr

Great, What about you?

i stopped when they dropped the OG update people say i gotta try it

Did you do your exam?

great thank you

Gave +1 Rep to @errant fossil (current: #241 - 34)

Og is good.

I play zero build.

Done and dusted.

How do you think it went ?

I used to play build i never played zero build btw

Really well.

zero build ftw

That’s great

what exam ?

Im studying firewalls and I found something called windows firewall by malwarebytes

lol

kinda worst firewall u might ever see

it blocks the app and allows the virus LMFAO

is it worth doing tryhackme rooms?

It looked sus tbh. I found a guy on YouTube talking about C2.

it isss

or are they old patched methods

I thought scrubz may of heard of it though because malwarebytes

it depends on what you wanna learn

ye ofc for a started u gotta go there

but if ur mastered or smth there r better rooms some where else tbh

I lowkey got plans from Scammer Payback

LOL

It looks fun to mess with scammers

lol

ye but with out verification from a federal src it's illigal

ohhh

so these guys make illegal videos??

nope

are they involving feds?

people like scammer payback actually works with some people

in fact he has some feds working for him across the world

damnnn

rolemodel frl

scammer payback uses some ways like reverse connection most of time due to dumb scammers so it's ez if u wanna learn it

he has connections with anydesk i think

bro what

anydesk

lmfao

nope he doesn't

https://en.wikipedia.org/wiki/Scammer_Payback

They've done stuff in the AnyDesk offices lmao

Yes they do

His team worked with AnyDesk: a Remote Desktop access software to ban over 2,000 AnyDesk Login IDs.

any desk pays him for using thier service for goods and he actually rly advertized using any desk by his vids

Scammer payback is illegal, please don't discuss/promote. 🙂

is it easier to start on windows os or linux

i think linux is more flexible or?

Use case?

anydesk was used quite a bit in general cyber attacks

reverse engineering

lol scammer payback works with feds mate but doing what he does without verification is highly illigal and we don't promote that

Both are good.

Doesn't make it legal?

ofc it's not if it's illigal he wouldn't post that

laws applies for everyone

🙏

like if ur a scammer

its not a valid reason

to hack you

ykiwm

It's still breaking a law

exactly

Grey hat n all

if u interacted with a scammer here is what u can do: just waste thiere time (one valid reason to hack them is collect evidence only no actual harm)

I use both Windows and Linux, they have their use cases.

still

wouldnt the collection of evidence here be illegal?

since you are hacking them

Sup

can you give me example cases?

You can't hack them regaldless of the intention.]

cuz im a newbie

i don't know that much

Windows for dynamic, learn the behaviour of the applicaiton.

Each has their own tools, I'd boot up my VM, but I don't have them on this laptop (they're at home)

ahaa

ur helpful i like this server

❌ What You Should Not Do
❌ Hack their systems (violates laws, even if "justified").

❌ Dox them or publish personal info without legal approval.

❌ Engage emotionally or provoke them.

❌ Pretend to be law enforcement.

even doxing them is illigal

i just hang up

easiest solution

I don't bother answering.

but people like scammer payback has legal approval

If I don't know the number, I won't answer, that is if the phone doesn't block it.

is hacking cctv illegal? "skidding actually"

here they use spoofed dutch numbers so it could be like someone from work calling me on my personal phone

like the other question u have legal approval ?

no

they got no clue

so no :>

but it's a public ip though

My contract is hilarious, I use an average of 10 min(s) on calls, and 6 texts.

Data? Don't ask.

even if they have no clue as a person u should have morals

haha getting that is quit ez when dealing with scammers but don't do that lol

Don't even pick up call 🤙🏻

hahaha 🤣

@muted bough We're all already off to a really rocky start, let's not rock the boat.

bro I would most definitely get myself hacked at the end of the day

alr xD

haha

btw why were u mad of me yesterday ?

i dont think its technically illegal (this ofcourse depends on state and location) but its unethical for sure

and might violate privacy laws. Actual hacking == illegal tho

I see

no permission not legal

not yours dont try it

i asked jabba before about something like this but i dont really recall the answer

so hacking is in general illegal without permission

I'm not mad at you, I'm just moderating the server so a peaceful, ethical and legal conversations are happening. 😄

scrubz can i send you a dm? since i think jabba said not to discuss that certain site in here

thx for ur help ❤️

Gave +1 Rep to @sick lance (current: #2 - 3723)

You might need to friend request me first, but sure.

you can remove me after id youd like

damn using == to say equal to in normal chat (Expert guy)

My final year project Report cost me 1.5x more than the project

there is smth wrong lol

No issues with you being on my friend list, lol.

I don't remove anybody.

after I saw the deepseek coding ability, i had no more motivation to learn coding/hacking since an AI can do it for me lols

fr fr

is it better to work with ai or mixed (ai and personal knowledge)

Human coders are still far above AI and will be for a long time

ai can be nice

for stuff such as understanding errors etc

exactly

haha no AI till now can rly hack even people who say "Cyber security is done due to worn gpt and etc... 🤓"

Hacking..neh...AI isn't even that great at Cryptography yet ... remaining stuff is far away

what is DoS considered as?

hacking or just disturbing

An Attack?

yaes

Attack and illegal

and coding to btw well actually AI is good at frontend (better then me 😭 )

Ya

I'd agree 💯 🤭🤣 me too

DOS may get down a weak network btw so it's illigal

😂

I'm a design student ..and I am not good at front end (of websites tho) ..rest I'm ok-ok

I used to test my DoS tools on my friends (with permission btw)

coded with deepseek

Still not the place to discuss here

worked good actually

what tools did u use ?

https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-guidance#:~:text=Cyber-dependent crimes fall broadly,of Service (DDOS) attacks.

these have big words but it was the first result

I hate that link 😭🙏

We don’t discuss the use of tools for illegal actions

oops

alr :>

Not to be discussed here btw ..only for the advanced channels

yeah same

what advanced channel we can discuss tools ?

You got to reach legend (tldr)

Unlocked after Rank 0xD (Legend) or if done any Certs like OSCP, EJPT etc

Rank on thm

thx

Gave +1 Rep to @sharp citrus (current: #65 - 138)

I'll be starting my first Cert this week ...excited

I wish you good luck

This is illegal.

HOw

raaaaaaah

my rep

I doubt your friend owns the network equipment,

Thx 😊

Gave +1 Rep to @upper knoll (current: #141 - 60)