its ethical platform.
#general
knotty pendant
hollow shard
oh ok
inner bloom
send you req?
yea
digital estuary
tight trout
why
hollow shard
what to do after the presecurity
cosmic pendant
Go watch NetworkChuck on IP networking
digital estuary
what is going on today
cosmic pendant
Nothing good
tight trout
what is going on today
average weekend stuff
primal ether
hi
digital estuary
hi
knotty pendant
digital estuary
average weekend stuff
we are hitting bad rolls on the slot machine today (people keep asking for unethical tutorials)
cosmic pendant
#QuickBansFTW
primal ether
im kinda just getting started learning hacking and damn why is it so hard to find where to even start lol
cosmic pendant
have you heard of youtube?
thorny prawn
Check Windows API documentation its basic knowlege bro
digital estuary
im kinda just getting started learning hacking and damn why is it so hard to fin...
go for the free roadmap or if you're subscribed follow the premium ones
also take notes since this field is quite large
tight trout
im kinda just getting started learning hacking and damn why is it so hard to fin...
also i love your bio lmao
elder egret
but youtube regulations are top secure for the user ...so its important info is protected by their guidelines
primal ether
im taking a cybersecurity course too, next year (in a few months) we'll be learning some ethical hacking but idk i still need to learn how to code
cosmic pendant
but youtube regulations are top secure for the user ...so its important info is ...
Why do you feel so confident in saying such stupid things?
Please stop
elder egret
cuz thats what i need
cosmic pendant
You don't know what you need
digital estuary
im taking a cybersecurity course too, next year (in a few months) we'll be learn...
having programming knowledge is good
helpful for automating some boring stuff (python!)
and other stuff
half badge
sup people
blissful current
elder egret
You don't know what you need
so what can u make me learn ? ( point that made me dumb)
primal ether
having programming knowledge is good
helpful for automating some boring stuff (p...
yeah i been trying to learn python but idk what to even make with python or what i wanna make
digital estuary
yeah i been trying to learn python but idk what to even make with python or what...
honestly make anything
even simple things
like a calculator
primal ether
ooh alr ty
fleet pivot
a couple hours from now im gonna have to do very hard work for hours
digital estuary
just anything that can be fun, or helpful
blissful current
a couple hours from now im gonna have to do very hard work for hours
K
tight trout
so what can u make me learn ? ( point that made me dumb)
check out #start-here to get started learning
digital estuary
a couple hours from now im gonna have to do very hard work for hours
good luck ๐จ
fleet pivot
i thought it was cool
crystal mauve
a couple hours from now im gonna have to do very hard work for hours
What a sentence
mighty river
When you make things, how do you create a portfolio to store them in? I've read you make a Github account and you can store it in there #completebeginner
blissful current
blissful current
i thought it was cool
Which field?
fleet pivot
Which field?
deez nuts
crystal mauve
Whatโs deez nuts
blissful current
Aight ...that's how u wanna talk
agile mica
When can i join general call?
digital estuary
When can i join general call?
verify
agile mica
ty
fleet pivot
Aight ...that's how u wanna talk
cybersecurity
digital estuary
refer to this @agile mica
blissful current
cybersecurity
Too late
digital estuary
@blissful current thanks for beating me on the /docs showdown LOL
twin ridgeBOT
Gave +1 Rep to @blissful current (current: #103 - 82)
blissful current
<@428185049586860032> thanks for beating me on the /docs showdown LOL
Nah probably urs is first
ripe cosmos
should I go to sleep?
digital estuary
yeah but mine is for getting student discount w/o student email
blissful current
I typed wrong at first before sending it
digital estuary
should I go to sleep?
how many points
if you got enough points that no one will be catching up go sleep
fleet pivot
I typed wrong at first before sending it
yo bro
ripe cosmos
if you got enough points that no one will be catching up go sleep
I'm ahead by about 450 points
foggy terrace
hey guys anyone got idea on how can edit a video stream and youtube won't detect it as copy right?
fleet pivot
I typed wrong at first before sending it
its a joke
tight trout
hey guys anyone got idea on how can edit a video stream and youtube won't detect...
why
sand trench
summer games done quick event has started
digital estuary
I'm ahead by about 450 points
round it up to 500 points ahead and you good
blissful current
should I go to sleep?
sand trench
go enjoy some games being speedrun
fleet pivot
u dont have to take it so serious๐
blissful current
its a joke
Ya am chill
crystal mauve
no, you;re suppose to responde deez, and they say deez what?
blissful current
crystal mauve
and then u follow / deez nuts
fleet pivot
no, you;re suppose to responde deez, and they say deez what?
yea but it can be used like that
crystal mauve
no thats how its always been and will always be
digital estuary
alright guys time for me to go take a big break see you guys
fleet pivot
no, you;re suppose to responde deez, and they say deez what?
i remember doing that so many times
digital estuary
tight trout
fleet pivot
<:AiriPopcorn:770091491409657886>
no this kid is here
foggy terrace
hey guys anyone got idea on how can edit a video stream and youtube won't detect...
still on this?
tight trout
still on this?
why pt2
blissful current
fleet pivot
mornin karma
bro
tight trout
don't understand you man
why do you want/need to know that?
fleet pivot
why do you want/need to know that?
u think ur slick
fleet pivot
while ur not
blissful current
I think I'll read the Manga itself can't wait for 4 weeks for the remaining 4 episodes ffs
fleet pivot
I think I'll read the Manga itself can't wait for 4 weeks for the remaining 4 ep...
who?
foggy terrace
why do you want/need to know that?
wanna start a youtube channel base on others cotents
tight trout
wanna start a youtube channel base on others cotents
that sounds like copyright infringement
which is against youtube's ToS
tight trout
and law in places where the copyright is held
blissful current
Takopi's Original Sin
foggy terrace
which is against youtube's ToS
that's why i don't want to get detected anyway
tight trout
that's why i don't want to get detected anyway
we can not help you break laws
mossy river
Itโs ToS, not law, but is unethical
gusty inlet
wanna start a youtube channel base on others cotents
Against Youtube's ToS. This will not be allowed in here. Please do not mention it.
tight trout
Itโs ToS, not law, but is unethical
would it not be law if it was something like music for example? due to copyright laws
foggy terrace
<:facepalm:689626579500138554>
this sucks man
gusty inlet
You have been walking on a very thin line for the past few days. This will be your final warning. Next time, it will be a ban.
tight trout
this sucks man
mhm yeah
brave spire
Googoogagaga!!!!
fleet pivot
You have been walking on a very thin line for the past few days. This will be yo...
huh
blissful current
tight trout
Googoogagaga!!!!
hiya dot, how's it going
fleet pivot
You have been walking on a very thin line for the past few days. This will be yo...
oh i think this is for someone else
foggy terrace
You have been walking on a very thin line for the past few days. This will be yo...
Are you an admin or what?
fleet pivot
Are you an admin or what?
are you blind?
blissful current
Are you an admin or what?
Mod
brave spire
hiya dot, how's it going
Lalalalfifififififafafafadomdomdomdom!
fleet pivot
this kid is stupid
worn plank
@foggy terrace Just come up with original ideas. Nothing is truly original anymore, but try it. Take inspiration, not one-to-one ideas from others.
gusty inlet
oh i think this is for someone else
You were not pinged.
tight trout
Lalalalfifififififafafafadomdomdomdom!
real
fleet pivot
cannot u see the role
blissful current
fleet pivot
You were not pinged.
everything u know i know
brave spire
real
Gaga.
@waxen radish hey buddy, sorry for disappearing last night, I ended up showering and going to sleep.
Did you resolve your issue?
mossy river
would it not be law if it was something like music for example? due to copyright...
I would say yes, apologies I didnโt actually read what their request was, however I wouldnโt really know if itโs a copyright violation
blissful current
Aight good night y'all, gotta wake up early for office ...Monday FFS
tight trout
Aight good night y'all, gotta wake up early for office ...Monday FFS <a:AMfubuki...
night!
mossy river
Btw @foggy terrace I recommend in future I recommend that if you are streaming in OBS to set the music onto a different channel, which means using most editing software you can replace the music with your own copyright free
foggy terrace
Btw <@1217177180493058140> I recommend in future I recommend that if you are str...
ok
mossy river
If you want to split your outputs it makes it a lot easier
Your microphone for input, game capture with audio capture on a specific application, Discord/ other voice comms and then set your music to an output channel if possible
If itโs in a game you might have problems unfortunately
mossy river
@brave spire ?
brave spire
<@1223233477340696637> ?
Sorry, I don't know what happened.
round onyx
fine mom!
quick blaze
Aight good night y'all, gotta wake up early for office ...Monday FFS <a:AMfubuki...
the vc is active :o
mighty cedar
hi, im new to ethical hacking but want to learn batch files, anyone know any good channels or ways to learn it?
mighty cedar
hi, im new to ethical hacking but want to learn batch files, anyone know any goo...
?
tight trout
broken plaza
I think this is enough for today considering i got my first cert now finally
round onyx
*headpats*
Crossplane V8 idle noises
mighty cedar
recommend looking around and finding stuff that works for you
any recommendations/ suggestions?
tight trout
any recommendations/ suggestions?
personally i like looking up stuff on duckduckgo, but google works for others
i haven't done batch files before, but that's how i would approach it
brave spire
There are search engines in this world that gives you exactly what you're looking for.
And it's not Google.
blissful current
https://tenor.com/view/suisei-%E6%98%9F%E8%A1%97%E3%81%99%E3%81%84%E3%81%9B%E3%8...
blissful current
Office is fine ...just tired from waking up at 5am everyday
tight trout
*Crossplane V8 idle noises*
anyways zombie go sleep
tight trout
helloworld ("print")
10/10
brave spire
What the fudge!!
blissful current
helloworld ("print")
nohtyP
clear jackal
I would say yes, apologies I didnโt actually read what their request was, howeve...
In the US, you'd need to meet the criteria for fair use, to legally be in the clear. That does not mean someone can't take advantage of YouTube's DMCA Takedown system or your time in a courtroom.
brave spire
printhello ("world")
quick blaze
Office is fine ...just tired from waking up at 5am everyday
sleep early bruh wth
blissful current
sleep early bruh wth
mighty cedar
world ("worldhelloprint")
quick blaze
<:NotLikeThis:689847725969244171>
if you're waking up at 5 just try and get at least 6 hours
brave spire
I'm going to work on my own language in the future, it will be called "Shit me not (SH)"
tight trout
if you're waking up at 5 just try and get at least 6 hours
that's like the max i look for
quick blaze
that's like the max i look for
not healthy
tight trout
not healthy
quick blaze
mate i used to have a polyphasic sched and it was like 2-4 hours a day max for 2 years straight and that almost killed me
no joke
blissful current
if you're waking up at 5 just try and get at least 6 hours
It's even worse with a stupid roommate who realizes that he has to study for the exam at midnight when it has turned the same date as the exam ...and would turn on all the freaking lights of the room for no apparent reason (including washroom lights)
quick blaze
It's even worse with a stupid roommate who realizes that he has to study for the...
why can't he just study the day before or something ๐ญ
blissful current
why can't he just study the day before or something ๐ญ
Coz he's either busy sleeping or gambling all the time
Very busy person
safe oxide
blissful current
Lol
plain hull
sup
quick blaze
Coz he's either busy sleeping or gambling all the time
Very busy person
blackjack!?
blissful current
He has an exam ..hence ruined sleep tonight
rapid merlin
safe oxide
crystal mauve
i use to play a bit of hold em
loud orbit
Hey guys can I have help or advice
blissful current
https://www.youtube.com/watch?v=7cAzgUIKI68&ab_channel=JHUPoker
loud orbit
Iโve started learning terminal with network chucks playlist on the 2nd video now,when would he recommended I can move to python ?
I wanna hack and script and stuff
blissful current
ipl betting won me 100 rs once
Great
blissful current
Never tried ..won't do
blissful current
My roommate does that shit daily
broken plaza
My roommate does that shit daily
Winzo and xrabet imsure
or Dream11
the worst one
blissful current
Nah some non play store available one
broken plaza
Nah some non play store available one
that's even worse ๐
blissful current
blissful current
Looks like neh ...he's been doing that since a lot
broken plaza
Looks like neh ...he's been doing that since a lot
i bet he lost a ton
like in lacs if it totals
crystal mauve
whats IPL? i havent used gambling sites since 2011
broken plaza
whats IPL? i havent used gambling sites since 2011
it's called Indian Premier League
crystal mauve
ohhh
broken plaza
it's a sprots championship and is very big
blissful current
like in lacs if it totals
Ya but mostly he stays like neutral
safe oxide
Cricket tournament
broken plaza
Ya but mostly he stays like neutral
oh lucky person then
blissful current
oh lucky person then
Apart from that he smokes some cheap shits multiple times a day worth 50โน ...that too half of the time on borrowed money
broken plaza
Apart from that he smokes some cheap shits multiple times a day worth 50โน ...tha...
wtf ๐
is he even employed?
blissful current
is he even employed?
Neh
broken plaza
Neh
๐
i mean with that level of confidence if he knows what he is doing could lead him to somplace much better
if he chose right path
blissful current
His dad is DSP or something in police ...smokes his money
ripe sleet
broken plaza
His dad is DSP or something in police ...smokes his money
that explains a lot
i have a frnd
who's dad is in HPCL some manager post
soft vortex
touch the ground guys
broken plaza
my guy was a good and healthy till he attended school with me.
blissful current
touch the ground guys
blissful current
my guy was a good and healthy till he attended school with me.
broken plaza
he literally doesn't cares about himself and even recently started smoking as well with his frnds
blissful current
Sed
hearty otter
how u doing people
broken plaza
and he choose commerce btw as future so u can guess what he is doing rn
broken plaza
how u doing people
hi im fine wbu ๐
hearty otter
all good
hearty otter
your username looks like a flag
broken plaza
kind of, try translating it
blissful current
and he choose commerce btw as future so u can guess what he is doing rn
Damn
hearty otter
no idea
hearty otter
crazy thing
quick blaze
My ๐ has decided to sleep with me tonight
blissful current
Idk how she's even sleeping so sound in the light and noise pollution by my roommate
quick blaze
Idk how she's even sleeping so sound in the light and noise pollution by my room...
karma how much do you pay for your rent? ๐ค
left lake
hey guys i am really in need for someone to help me retrieve an hacked account
blissful current
karma how much do you pay for your rent? ๐ค
Yearly 1Lakh at my current PG
Including food
blissful current
Yeah
quick blaze
blissful current
Around that much I guess
blissful current
Until next year then I'll have to pay that too from my own money ..and more than this coz I'll be shifting someone close by to my office ...it will be slightly expensive from here
quick blaze
how far away is your current office
blissful current
42-43km
blissful current
quick blaze
how long does it take for commute
blissful current
1.5-2hr early morning less traffic 2.5-3hrs while coming back in more traffic
quick blaze
1.5-2hr early morning less traffic 2.5-3hrs while coming back in more traffic
.....4-5 hours of your day gone just for travel
blissful current
Yeahhh
quick blaze
blissful current
Atleast free transportation is there but till like 38km...rest I have to take bus ๐
Bangalore, India
safe oxide
Wel karma can say to his children
I ventured alot in my youth
knotty pendant
boreal scarab
@lone thistle @shut hawk RoN?
quick blaze
<@106094485129162752> <@302122762858921984> RoN?
rise of nations?
boreal scarab
rise of nations?
Ready Or Not
quick blaze
Ready Or Not
fudge
ripe sleet
Supposedly it's mostly negative on PC now
shut hawk
<@106094485129162752> <@302122762858921984> RoN?
i dont have it haha
boreal scarab
i dont have it haha
ripe sleet
It's
hidden lantern
hiow to jolin vc
ripe sleet
uh oh what did they do in the recent update?
Something with censorship on pc
quick blaze
huh?
ripe sleet
Cause it's gonna be released on consoles soon
sharp citrusBOT
ripe sleet
blissful current
@hidden lantern
hidden lantern
shut hawk
what sort of censorship doe
ripe sleet
shut hawk
yeah but this doesn't exactly tell you what specifically has been censored
blissful current
ripe sleet
I'm looking into it now
blissful current
Aight imma try to sleep...anyways hopefully I wake up on time
=
shut hawk
ah ok
inner bloom
ripe sleet
This too
blissful current
<:NotLikeThis:689847725969244171>
Eeper
blissful current
blissful current
Fine , you?
blissful current
Nice
ripe sleet
<:KiraSmoog:1329810864890576926>
Hello!
hidden lantern
HIIII
blissful current
๐ข
ripe sleet
2 fps thm machine pogg
knotty pendant
broken plaza
why is thm machine soo slow these days?
also why do we need more points from 0x8 to 0x9 and 0x9 to 0xA than 0xA to 0xB bruh
broken plaza
hopefully no one catches to me now in the next 4 hours
it was painful to find all info level rooms and grind them a lil.
crystal mauve
lol 3k points
crystal mauve
Copy pasta contest
broken plaza
Copy pasta contest
i hate that shit
idk why they can't just randomly generate flags
broken plaza
instead of using the same thing over and over again
broken plaza
https://tenor.com/view/garfield-spaghetti-pasta-dinner-pasta-day-gif-16727473
u forgot the vomiting of the whole thing part then lol
no one can digest 8k worth of points content in a week
safe oxide
Lol
crystal mauve
Leagues are a good way to stimulate site traffic
broken plaza
Leagues are a good way to stimulate site traffic
interesting but yeah
true
gtg sleep now today was tough.
now i got to make notes of 48 rooms now
because i never made notes before
at least i can peacefully spend the next week revising all leanrt stuff
gn guys cya ๐
worn plank
Holy hell, using hashcat on thm is horrific.
tight trout
cya!
worn plank
Doesn't create potfile, crashes on sha2-256 hash crack, reboots and sends me back to an earlier terminal that insists I check the potfile that doesn't exist. WHEW
celest dirge
Holy hell, using hashcat on thm is horrific.
Using nmap on thm was horrific
Had to wait more than an hour
worn plank
nmap NOOOOOOOOOOOOO. real tho, dude.
It's honestly such a huge ballbuster when you're trying to use these tools, and then random little blips in the network, the program, etc. end up making it harder.
Having said that, I'm glad I don't have to run some of this hashing stuff on my poor little laptop.
kindred wadi
Can I join voice channel
worn plank
I believe you need to be verified for that, Zindagi.
kindred wadi
How I can verify
sharp citrusBOT
@kindred wadi
mighty cedar
back
twin ridgeBOT
Gave +1 Rep to @safe oxide (current: #222 - 39)
safe oxide
<@853654424974655528> Thanks for doing that. I wasn't sure how.
Np m8
knotty pendant
I see the final destination bloodlines tower
mighty cedar
hopefully no one catches to me now in the next 4 hours
What website is that
safe oxide
What website is that
Tryhackme
pallid lotus
Holy hell, using hashcat on thm is horrific.
What do you expect running it on a lightweight AWS instance with no GPU lmao
If you want anything even remotely approaching performance you need your own gear
worn plank
What do you expect running it on a lightweight AWS instance with no GPU lmao
I know. I acknowledge that these virtualized systems aren't going to run as robustly as physical/dedicated machines that are local.
pallid lotus
Understatement of the year ๐
worn plank
HAHAHAHA.
Probably.
I'm still new to this side of the world, trying to get a reasonable foothold.
pallid lotus
Hashcat is designed to work with a GPU. It will fall back to CPU grudgingly these days, but it ain't gonna be quick.
worn plank
Which makes sense. Thinking about the way that people mine bitcoin, I feel it's basically the same idea but at a larger scale.
pallid lotus
... Especially when the CPU is some virtualised processor with about 4 cores max
worn plank
Bro, did someone say QUAD-CORE? Big if true.
pallid lotus
Which makes sense. Thinking about the way that people mine bitcoin, I feel it's ...
Pretty much, yes. It's all about distributed calculations.
GPUs have thousands of cores and can do thousands of those calculations simultaneously
Modern CPUs have about 64 on average, and low powered AWS instances have a fraction of that.
Sorry, 64 threads. Should be specific.
pallid lotus
And that might be being generous too. I'm used to server hardware just now.
worn plank
Ahhhh, that's a whole different animal, for sure.
The first time I got to see one of those massive database servers, the ones that are submerged in water... I realized just how little I knew about computers. Naturally, you know WAY more, so that wouldn't come as a suprise to you.
pallid lotus
Submerged in water is an interesting way to do it
polar spoke
Holy hell, using hashcat on thm is horrific.
what's the problem?
pallid lotus
Not quite what people usually mean by water cooling, but fair enough
scarlet nimbus
Submerged in water is an interesting way to do it <:kekw:658061932577816606>
Hello, can I ask you something about sentinel rooms?
worn plank
It was uh. A huge RAID server? I don't remember the details. This was being explained and shown to me by a customer from work, who had full pictures of these things where they would submerge the entire server in these special salinated tanks that would prevent conductivity but keep the temperature under control.
I want to say it was a Microsoft thing, but I really don't remember. This was 6 months ago.
pallid lotus
what's the problem?
Without spinning one up to check, I would guess the Attackbox is a t3a.medium EC2 instance. Might be being generous: t3a.small maybe.
chilly veldt
t3a.micro or t3a.small depending on subscriber or not
polar spoke
sure, but it should still work in theory, as long as a compliant runtime exists
we're talking 2 cores, 1gb of RAM
so it's going to suck
but i dont think it should outright fail to run
worn plank
what's the problem?
I was having problems where, after generating a cracked hash, I would attempt to re-run it with different parameters (i.e. -a 3 vs -a 0) and it would simply tell me that it was saved to the potfile, but no such potfile exists, and now you can't rerun the same hash.
polar spoke
the potfile does exist
chilly veldt
--show
polar spoke
it just doesnt exist where you were looking
hashcat -II to check location of all the files
worn plank
I tried checking in ~, I also used Find ~ "hashcat.potfile" to look for it. I must have been doing that all wrong.
polar spoke
best guess, the attack box has some "installed" hashcat package
and it puts it somewhere else
probably in ~/.hashcat/ if i had to guess
worn plank
I tried checking for a directory by that name, and it stated no such file or directory exists.
shut hawk
can you send us the history file?
worn plank
I even tried cd ~/.hashcat/ and it refused. I'll try that command, thank you.
polar spoke
but really you dont need to navigate to the potfile
shut hawk
so we can see what commands you've tried
worn plank
I was unable to use --show successfully, so that's why I resorted to other methods.
tight trout
does hashcat not show the passwords by default?
worn plank
I can see if I can find the history file, but I've now run three separate instances to clear the cache I'm working with on the other end.
worn plank
Yeah, let me see.
shut hawk
If you've restarted the attack box then it will have wiped it
worn plank
If I just do "hashcat --show" it gives me usage. I had no further info to work with (at present time, still don't), so I got nothing.
pallid lotus
sure, but it should still work in theory, as long as a compliant runtime exists
Aye. Sounds like it runs... poorly lmao
polar spoke
If I just do "hashcat --show" it gives me usage. I had no further info to work w...
you have to add --show to your existing command
pallid lotus
Hello, can I ask you something about sentinel rooms?
Sentinel?
worn plank
Ahhhhhh.
polar spoke
you must tell hashcat what hashes you are asking it to show you at least
pallid lotus
It was uh. A huge RAID server? I don't remember the details. This was being expl...
Yeah, that's overkill for most things ๐
I've got a bunch in my office rack. They're not overly fussed.
worn plank
So that's where I went wrong. I was having some appending issues with the command format, too, so I was getting kind of frustrated. I've since been able to extract all the info I needed without an issue. It was just that initial pain point, which the more we talk about it, the more I realize that it was just user error and I need to pay more attention. I appreciate the feedback/help though. Talking through this and the information provided has actually helped me a lot here.
worn plank
Yeah, that's overkill for most things ๐
I've got a bunch in my office rack. Th...
No doubt at all. I'm not sure what they were using those supercomputing servers for, so I'm sure there was a good reason that I simply can't articulate. ๐
polar spoke
If I just do "hashcat --show" it gives me usage. I had no further info to work w...
for more info on this specifically
bleak quartz
holy fuck active directory is so fun
worn plank
https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_can_i_show_p...
Brilliant, thank you.
twin ridgeBOT
Gave +1 Rep to @polar spoke (current: #137 - 64)
shut hawk
Can you do hashcat --show $hash?
pallid lotus
holy fuck active directory is so fun
Wait until you try securing an ancient forest in a corp. You'll want to shoot yourself lmao
worn plank
I'll try it.
polar spoke
Can you do `hashcat --show $hash`?
well, kinda
but not really
you need to tell it what kind of hash it is
shut hawk
Fair enough
quick blaze
@marsh lark
polar spoke
minimum should really be hashcat -m # $hash --show
but autodetect may get you past that requirement for -m
shut hawk
I fucked myself over with Hashcat on windows because I added it to the PATH, then realised you have to be in the Hashcat folder to actully have it run, so create a batch script to do that and have that be on the PATH instead. Then when I ran it with relative paths, of course it couldn't find the path in the folder where I called it from
polar spoke
yeaaaaaah
worn plank
Ouch.
polar spoke
hashcat doesnt really like being "installed" on a system
we generally suggest running it from the folder it came in
shut hawk
Yeah, I just have a dedicated folder for it now which I just cd into every time
polar spoke
so it doesnt have to deal with relative vs absolute paths and such
loud marlin
since we talk of hash crack @fleet pivot , any progress?
polar spoke
this is one of the biggest problems i have with whoever packages all the random "hashcat" repo packages
since we dont maintain any of those
any time someone does "apt install hashcat" i die a little inside lol
shut hawk
you maintain https://www.kali.org/tools/hashcat/ this one?
polar spoke
nope
someone random packages all the repo packages
we only maintain the github and hashcat.net downloads
shut hawk
oof
polar spoke
yeah, this is true for a huge amount of tooling
people blindly trust apt packages to be maintained by whoever wrote or maintains the tools
they arent
in like, the majority of cases
and it can lead to SO many issues
we've had people breaking hashcat in all kinds of repos, especially homebrew
shut hawk
yeah I'm guessing they then complain to the author of the tool, not the actual packager
worn plank
@pallid lotus I wanted to ask: you're a Red Teamer, right? Can I ask how you got to that point?
mystic mica
and it can lead to SO many issues
Can confirm
polar spoke
yeah I'm guessing they then complain to the author of the tool, not the actual p...
yuuuuuup
people really really need to understand how often packages in repos are just not what they should be getting
but we continue to tell everyone to trust apt and dnf and yum and brew install
sure, you may not get malware or something from the major repos
but you're not getting what you think you are still
worn plank
Should people be checking the sum of their hashcat or other types of repos to verify against the actual sha value? @polar spoke I feel like this is an insanely stupid question, because the answer is probably a resounding yes... just want your take here, since it's coming up.
polar spoke
imo, no need
simply grab from the github and build
or grab a release from github or hashcat.net
why bother with repos at all
worn plank
Ergo: use the main distribution.
polar spoke
right
look for how your tool's authors are actually distributing it
vs randomly grabbing it from first available
quick blaze
but we continue to tell everyone to trust apt and dnf and yum and brew install
i mean..to look for original packages/installers every time you wanna install something would be impractical no..? isn't that why people just use apt and brew install?
polar spoke
i mean..to look for original packages/installers every time you wanna install so...
sure, it's inconvenient
but this is cybersecurity....
we shouldnt be blindly trusting stuff in the name of convenience should we
worn plank
Ngl I use apt a lot.
quick blaze
we shouldnt be blindly trusting stuff in the name of convenience should we
true, but if the main concern is malware from bad repos then how do you think we should be installing stuff, without it being inconvenient
mystic mica
Tbh, im prolly a pleb compared to y'all i use debian because its reliable and convenient (in my use case at least)
shut hawk
true, but if the main concern is *malware* from *bad repos* then how do you thin...
the main concern isn't malware in this specific case
shut hawk
it's more the problem of installing the tool not the way the authors intended
thereby leading to issues
polar spoke
its that youre getting a package that's following some random persons install scripts or decisions
digital estuary
hi guys
quick blaze
right, i wasn't reading, and if its malware? ๐ค
digital estuary
whats going on
polar spoke
one of the issues we've run into is whoever packaged the hashcat for homebrew for a while just set the directories wrong
worn plank
Install tool from repo -> tool breaks -> author gets yelled at.
That's the gist, Aaron.
digital estuary
hi rain
polar spoke
and so it just didnt work when people did brew install for a while
and they complained to us
worn plank
How's it going, buddy? โค๏ธ
digital estuary
thanks for helping me tune in
polar spoke
and we were powerless to change that
digital estuary
doing good
regaining energy after 3-4 hours of note taking wireshark
polar spoke
because we werent the ones packaging it for brew, someone we have never heard of or interacted with was
worn plank
Not bad, but that's a lot of note-taking for wireshark.
digital estuary
Not bad, but that's a lot of note-taking for wireshark.
i write slow ๐ข
worn plank
because we werent the ones packaging it for brew, someone we have never heard of...
This must be a common issue for application authors when hundreds of repos start spawning, hey?
digital estuary
also i count in big and small breaks
and doing the questions for the related room
shut hawk
Not bad, but that's a lot of note-taking for wireshark.
it goes deeeeep
hearty otter
how do you people not burnout
worn plank
Are you the sort that prefers written vs. digital note-taking, Aaron?
polar spoke
This must be a common issue for application authors when hundreds of repos start...
more common than you think
digital estuary
Are you the sort that prefers written vs. digital note-taking, Aaron?
no i utilize both
physical notes for reinforcing what i study and then i integrate it into obidian md or notion
polar spoke
"why is this tool not working"
"you have some random outdated version?? how did you get that?"
"apt install $tool, duh"
fleet pivot
more common than you think
yo
digital estuary
physical and digital note taking have both best use cases
physical for better "memory" and you always have a physical backup in case your drives go to hell for some reason
digital notes are easier to search (especially in obsidian) and easier to add images,diagrams,etc
worn plank
physical notes for reinforcing what i study and then i integrate it into obidian...
That's really smart.
worn plank
it goes deeeeep
Bruh, I know. The basics were INTENSE.
fleet pivot
more common than you think
are you the ceo of detack inc?
digital estuary
how do you people not burnout
school burns me out a lot
stuff i love hardly burns me out
polar spoke
it would certainly appear that i am in my bio lmao
worn plank
"why is this tool not working"
"you have some random outdated version?? how did ...
Actually, I ran across this with Termux. They specifically state that you should install from F-Droid, where they have their nightly builds and things like that, as opposed to downloading from Google Play Store, where it is more or less deprecated.
polar spoke
Actually, I ran across this with Termux. They specifically state that you should...
yeah, this happens to mobile apps a LOT
because publishing to the major distribution "app stores" is costly and painful
worn plank
I was just about to ask if it was because of costs associated with being publicly available in an "easy-to-find" distribution zone, compared to having it hosted on an open-source platform, i.e. GitHub.
polar spoke
it costs money for app stores, but it also costs time and energy and such for the authors
worn plank
physical and digital note taking have both best use cases
physical for better "m...
I took this approach initially with Python. I would write out code by hand. I quickly learned that's a recipe for carpal tunnel.
polar spoke
we dont maintain every possible repo for hashcat because it's just too difficult
too much time for the team to deal with when we can just publish to github or push releases on our site
worn plank
Hashcat is effectively open-source, right?
polar spoke
it is yeah
worn plank
Hence the repos.
digital estuary
I took this approach initially with Python. I would write out code by hand. I qu...
i did the same when i was little and i was trying to learn cybersec
i dont know what site it was but it was a LONG time ago
and i remember writing everything into a notebook, all uppercase letters
i was essentially copying the entire website and that killed my motivation to study this field
worn plank
Is there any benefit to removing it from the open-source market, or would that significantly hurt the progress of the application?
digital estuary
few years later here i am again, after realizing that this field is the FIELD i love (i cant stand coding)
polar spoke
Is there any benefit to removing it from the open-source market, or would that s...
we are open source necessarily to keep the project both maintained but also licensed for what it's used for
digital estuary
put the laptop screen on the side and that is all i can suggest imo
polar spoke
MIT license across the board with hashcat's code
worn plank
i did the same when i was little and i was trying to learn cybersec
i dont know ...
I, too, wanted to be an epic hackerman with crazy l337 coding skills, and I also killed it (by trying to learn JavaScript at 12 years old).
digital estuary
I, too, wanted to be an epic hackerman with crazy l337 coding skills, and I also...
oh...
thorny prism
I, too, wanted to be an epic hackerman with crazy l337 coding skills, and I also...
i used java for programming at uni and never touched it again lmao
digital estuary
honestly I'd just swap the laptop and one of the screen
yeah this i vouch
looks coolre
cooler*
thorny prism
so laptop + screen + screen
yh it kills me that the screens aren't identical lool
worn plank
we are open source necessarily to keep the project both maintained but also lice...
So, in essence, not all repos are bad repos, but repos don't always result in a happy-happy-funtime "yay development" cycle. Instead, there are loads of headaches, but it's necessary because... what, the license comes for free due to open-source availability?
digital estuary
idk why but it juts does
digital estuary
yh it kills me that the screens aren't identical lool
OH MY GOD I JUST NOTICED THAT
thorny prism
don't repeat it, makes me sad
fleet pivot
that was rude
shut hawk
yh it kills me that the screens aren't identical lool
when you have actual content on the screen it won't make a difference
worn plank
i used java for programming at uni and never touched it again lmao
I necessarily need to learn JS so that I can do some side-project stuff. I hate it.
polar spoke
So, in essence, not all repos are bad repos, but repos don't always result in a ...
repos are just a headache to deal with sometimes
shut hawk
that was rude
Jared, what made you ask the question in the first place?
digital estuary
when you have actual content on the screen it won't make a difference
as long as its the same resolution and same refresh rate
pine cedar
well
fleet pivot
Jared, what made you ask the question in the first place?
idk
polar spoke
So, in essence, not all repos are bad repos, but repos don't always result in a ...
we COULD package and push every version to every repo under the sun, but keeping them all up to date is tough
shut hawk
come on, you know better
fleet pivot
so instead, we push to a central specific location
chickenman
polar spoke
and if someone wants the current code or a recent release, it will always be there
and always be up to date
fleet pivot
so instead, we push to a central specific location
aint no way u a ceo
polar spoke
aint no way u a ceo
๐
digital estuary
that looks nice
worn plank
So, effectively, repo authors should be taking more initiative to keep their versions up-to-date by utilizing your convenient, all-in-one approach to maintaining the main distribution. Ergo... they need to be more on top of things and use common sense.
fleet pivot
and if someone wants the current code or a recent release, it will always be the...
have u reached 7 figures?
empty ember
digital estuary
you could have it configured
vertical screen + screen + laptop
thorny prism
you could have it configured
vertical screen + screen + laptop
yh maybe this
worn plank
They won't, and inevitably some will be deprecated, they will fall off, have issues and then... we return to the main point: you get yelled at. That sucks.
polar spoke
So, effectively, repo authors should be taking more initiative to keep their ver...
It's more that I think repos should be carefully considered by the end user more
realize that what you are getting may not be what the author intended
fleet pivot
It's more that I think repos should be carefully considered by the end user more
do u make 7 figures?
digital estuary
yh maybe this
just make sure to use vertical screen to read notes and other stuff so you dont hvae to scroll as much
polar spoke
as the author may not have been the one to publish it
digital estuary
or do all your silly scripting on it so you feel extra cool
polar spoke
do u make 7 figures?
you would be surprised what I make ๐
polar spoke
What lead you to create hashcat, if I may ask?
I didn't, i'm just a core dev/team member
fleet pivot
What lead you to create hashcat, if I may ask?
๐
empty ember
do u make 7 figures?
digital estuary
or do all your silly scripting on it so you feel extra cool
+5% to better code and code structure
worn plank
Ahhh, okay. I'm not familiar, I apologize.
crystal mauve
Jared please donโt push the chickenman away with your cringey pushy questions
polar spoke
Atom is the one who created it originally
polar spoke
Jared please donโt push the chickenman away with your cringey pushy questions
lol i'm used to it
worn plank
He's definitely making at least $5/month.
polar spoke
He's definitely making at least $5/month.
at LEAST ๐
rapid merlin
hey do we have an encrypter here?
empty ember
Yo stolen crypto doesn't count btw
worn plank
at LEAST ๐
So help me god, if they try to pay you $4/month...
polar spoke
So help me god, if they try to pay you $4/month...
I sign my own paychecks so I'll try not to pay myself that little haha
shut hawk
@fleet pivot Just so you know, it's generally considered quite rude to ask someone's salary. That's quite a personal question.
worn plank
Good, otherwise I'd have to kick your ass for you, because you're a cool guy and you should make a teensy bit more than that. ๐
empty ember
I sign my own paychecks so I'll try not to pay myself that little haha
Wait so like a money glitch irl
thorny prism
im actually surprised how much 0day has used thm, wasn't expecting to see him at #1
polar spoke
Wait so like a money glitch irl
only as far as what the company has in it's bank account lol
empty ember
only as far as what the company has in it's bank account lol
-$3000000 now cuzzo
polar spoke
LOL
rapid merlin
-$3000000 now cuzzo
look dms pls
empty ember
I can't read
shut hawk
@rapid merlin What do you need help with?
fleet pivot
@mossy river can u mute @crystal mauve
harassing me
digital estuary
only as far as what the company has in it's bank account lol
me when i give the ATM a paper bill that says "a bajillion dollars"
worn plank
Are we able to post images in here?
rapid merlin
<@456226577798135808> What do you need help with?
are you the ops?
digital estuary
shut hawk
are you the ops?
the what
empty ember
Are we able to post images in here?
no
worn plank
I'm just saying.
empty ember
I only have liberty reserve sorry
worn plank
ffffff
better watch out, bub, I'm gonna XSS my way into your bank account with a super SQL hack attack
empty ember
show tables;
fleet pivot
<@1231354836981907508> Just so you know, it's generally considered quite rude to...
he wasnโt offended by it
empty ember
aey yo just show me ur tables gurl
worn plank
@polar spoke btw if you're not too terribly busy, are you ever open to short informational interviews?
empty ember
polar spoke
<@254841398103113728> btw if you're not too terribly busy, are you ever open to ...
i dont see why not
gusty inlet
@fleet pivot Where's my hash?
shut hawk
he wasnโt offended by it
Yes, because he's understanding, most people won't have the same reaction
worn plank
i dont see why not
So, my next question: is it alright if I DM you for that purpose?
rapid merlin
Yes, because he's understanding, most people won't have the same reaction
look dms
polar spoke
So, my next question: is it alright if I DM you for that purpose?
yeah sure
worn plank
Great! Appreciate it!
polar spoke
๐
fleet pivot
<@1231354836981907508> Where's my hash?
๐ shit
rapid merlin
anyone here know alot about files and how thier build up pls dm me
shut hawk
you should ask here
mossy river
Harassing members
Can you elaborate?
empty ember
Hydra on blast, multi threaded precision,
Credential collision, brute force with a vision,
FTP, SSH, toss me your submission,
Username spray, dictionary incision.
mossy river
<@270975958511517697> can u mute <@170958240111263746>
harassing me
Iโm going to need details
ripe sleet
Iโm going to need details
Hello Jabba!
crystal mauve
Can you elaborate?
Asking a personal question multiple times, how much do you make, how much how much ? More than 7 figures? How much - received no answer yet continues to ask
harsh wadi
i dont know where to ask this, but how did you guys get into hacking or computer related things
i havent got anything or anyone influence me to such thigns but games and music
rapid merlin
you should ask here
so i bought a programm can show receipt but their encryprted with AES256 and i need a person who can make them work on my pc
crystal mauve
aint no way u a ceo
Starts here @mossy river
harsh wadi
i only heard it or cybersecurity jobs is more flexible and in demand but thats it
didnt have passoin for it yet ๐ญ
empty ember
Auth form login? Use the POST route trick,
Watch Hydra flood requests till the response go slick.
Status 200? That's a win in disguise,
Dropped a reverse shell, now I'm rootin' your mind.
rapid merlin
so i bought a programm can show receipt but their encryprted with AES256 and i need a person who can make them work on my pc
digital estuary
i dont know where to ask this, but how did you guys get into hacking or computer...
for me it was childhood curiosity, i would go through the file explorer and look at random files, play with the settings, etc
harsh wadi
Asking a personal question multiple times, how much do you make, how much how mu...
thats personal there
i might feel annoyed tbh
raw oak
hello guys
digital estuary
i feel like if you try to learn some computer fundamentals, and then try this field out you might find the passion
polar spoke
i feel like if you try to learn some computer fundamentals, and then try this fi...
imo, this is necessary
digital estuary
i thought i had a bigger passion for coding but turns out cybersecurity was the secret passion i had
shut hawk
so i bought a programm can show receipt but their encryprted with AES256 and i n...
we wouldn't be able to do that, you should contact the seller
rapid merlin
we wouldn't be able to do that, you should contact the seller
its encrfypted for safty
rapid merlin
we wouldn't be able to do that, you should contact the seller
its possible i have the acsess code
harsh wadi
i thought i had a bigger passion for coding but turns out cybersecurity was the ...
so i guess i had to dive in myself
i felt kinda lonly for msot thigns i do
but not making music for some reason
i sttart with idea and keep working fowrad it because i can do it
not coding or anything else, have to learn, and some hurdles to get thru
digital estuary
so i guess i had to dive in myself
i felt kinda lonly for msot thigns i do
but n...
just try out coding or cybersec, once you learn the fundamentals obviously
if it sparks interest or a feeling of "yeah im fit for this field" then keep the hard work going
harsh wadi
if it sparks interest or a feeling of "yeah im fit for this field" then keep the...
this is totally different from what i used to
unlike music and art, its everywhere
this? nly behind the scnene
and no one in my family talk or influence me in some way
so im strating from absolute scrath
oh yeah and then there's career
so much path to choose from
i just wanted remote job that pays as much as my wages for now
but still nothing spark for me yet
do i have to wait for it? or make it somehow
but yeah, srry for lots of quesntion
rapid merlin
need someone who is able to encrypt some programms so they work togther
zinc pine
Auth form login? Use the POST route trick,
Watch Hydra flood requests till the r...
keep going
hallow hazel
imo, this is necessary
how did you start out, if you don't mind telling obv
digital estuary
oh yeah and then there's career
so much path to choose from
i just wanted remote...
You need to give the IT sector a try, look online where to start, it all depends on what you want
but for now, learning some Computer fundamentals and basics is what you'll need, especially for this field, because you cant do much
mossy river
Asking a personal question multiple times, how much do you make, how much how mu...
I think โharassmentโ is a stretch; annoying, personal and bullying, yes.
@fleet pivot donโt bully community members into giving you answers to questions. If they donโt answer you the second time, there is a high chance theyโre avoiding the question. Especially personal questions, or topics that are considered taboo.
Part of being in a community is being a positive influence, you need to understand and be aware that if you are making a negative impact (such as by making community members uncomfortable), it will result in extended mutes or even removals. Considering your most recent warning, I would suggest that you reassess why you want to be part of our community ๐
crystal mauve
I think โharassmentโ is a stretch; annoying, personal and bullying, yes.
Fair
chilly veldt
one hour left and I am done with my 17 hour shift ๐ญ
empty ember
Here's some hacker rap bars.
You brag about root? Bro, I am root.
I live inside init, wear the kernel like a suit.
I decompile motive, I hardcode hate,
I reversed your morality and found dead weight.
crystal mauve
Thank you @mossy river
twin ridgeBOT
Gave +1 Rep to @mossy river (current: #6 - 1667)
polar spoke
how did you start out, if you don't mind telling obv
it was mostly just a life long love of computers and needing to solve harder and harder puzzles, which security seems to be the place for
digital estuary
You need to give the IT sector a try, look online where to start, it all depends...
and the harsh truth is if you don't have a spark, how will you ignite a fire?
mossy river
Fair
For the record, I checked with someone who works in law for the definition of โharassmentโ ๐
digital estuary
Here's some hacker rap bars.
You brag about root? Bro, I am root.
I live inside...
harsh wadi
and the harsh truth is if you don't have a spark, how will you ignite a fire?
thats basially stops me
i have no other reason but my livelihood
i guess i need to surround myslef more IT stuff
pallid lotus
Azure sentinel, kql
Any particular reason why you're asking me specifically? ๐
chilly veldt
kql my beloved
rapid merlin
need someone who is able to encrypt some programms so they work togther
digital estuary
thats basially stops me
i have no other reason but my livelihood
i guess i need ...
try to see if there is a spark in this, if not, try something else because im sure there is something out there that you can do remote and genuinely enjoy
you also said you got passion in music right?
pallid lotus
<@650476435269484549> I wanted to ask: you're a Red Teamer, right? Can I ask how...
I got lucky.
Internship on a pentest team + a bunch of certs during my degree. It worked out, although I wouldn't recommend that route. You miss too much.
clear jackal
need someone who is able to encrypt some programms so they work togther
What does this even mean? Why are you repeatedly posting this?
hallow hazel
it was mostly just a life long love of computers and needing to solve harder and...
Awesome, thanks for the answer!
twin ridgeBOT
Gave +1 Rep to @polar spoke (current: #134 - 65)
rapid merlin
What does this even mean? Why are you repeatedly posting this?
bc i need help
harsh wadi
try to see if there is a spark in this, if not, try something else because im su...
yes, but it was more of passion for now
it doesnt really pay the bill unless i force it to
at the cost of my own sanity
digital estuary
What does this even mean? Why are you repeatedly posting this?
summary
they got some program or something and they've been looking for someone good around encrypting/decrypting to help
hallow hazel
I got lucky.
Internship on a pentest team + a bunch of certs during my degree. ...
Interesting, what route would you recommend, and what do you mean by miss too much?
clear jackal
bc i need help
You haven't even asked a question....
thorny prism
I got lucky.
Internship on a pentest team + a bunch of certs during my degree. ...
similar to me on the blue side, degree, internship in DF, full time after uni and then moved into IR
rapid merlin
You haven't even asked a question....
im asking if someone can encrypt some files for me
rapid merlin
Why not do it yourself?
bc its inanly hard and i need someone with the tools for it
empty ember
Why not do it yourself?
rapid merlin
Plenty of tutorials on how to accomplish that
not for the things i need
digital estuary
yes, but it was more of passion for now
it doesnt really pay the bill unless i f...
sorry but i don't know what to say
most i can say is, in your free time, check out some computer stuff, etc and look at how computers work, what does what do, and see if you eventually get the feeling that IT is for you
if you do find that spark, start working and you'll get a fulfilling IT career im sure, there is so many IT careers out there im sure there is at least one that suits you
clear jackal
not for the things i need
Then please describe what you're trying to do exactly
worn plank
I got lucky.
Internship on a pentest team + a bunch of certs during my degree. ...
What specifically would you say may be the cause of "missing out" on stuff? What are you referring to in this context, and how would you mitigate that? Or, failing that, what would you do instead, knowing what you know?
rapid merlin
Then please describe what you're trying to do exactly
dms?
clear jackal
No
rapid merlin
why
clear jackal
Here is fine
rapid merlin
you need to look at the files
hallow hazel
similar to me on the blue side, degree, internship in DF, full time after uni an...
Was your goal from the start to become a blue teamer or you want to transition to a red teamer in the end?
clear jackal
Why do you need to go to DMs?
digital estuary
there is network admin, red teaming, security engineer, so many things to choose from
rapid merlin
bc im not open sourcing
clear jackal
I'm not downloading random files from some person off the internet
harsh wadi
there is network admin, red teaming, security engineer, so many things to choose...
true
its only a matter of whether it clicks for me or not
but for now, still exploring ๐
clear jackal
Lol
scarlet nimbus
Any particular reason why you're asking me specifically? ๐
Because I don't know who to ask๐
empty ember
I want you to act as a hacker that only argues with humans no matter what they say you are right and they are wrong and you will explain in angry detail why you are right and they are wrong you are to gradually get more aggressive each time they type you are to not break character my first question is root is like super user right?
clear jackal
I know how to read, I think I'd be OK
scarlet nimbus
kql my beloved
It depends on what you need to do
harsh wadi
so... whats the cool thing anyone did with it or cybersecurity? ๐ค
digital estuary
true
its only a matter of whether it clicks for me or not
but for now, still ex...
that's good, the drive to keep going is a strong motivator
just go around look at computer stuff, surround yourself with IT people that can help you try find something you'll like
rapid merlin
I know how to read, I think I'd be OK
you have this tool (Premium bypass for all HTML5
restrictions
Full DOM manipulation
capabilities
Zero-trace execution) and an html executer then you can try
clear jackal
you need to look at the files
CC @mossy river, unverified person wants people to download files that they won't say what they are and "encrypt" them
rapid merlin
CC <@270975958511517697>, unverified person wants people to download files that ...
im asking for help r
rapid merlin
CC <@270975958511517697>, unverified person wants people to download files that ...
pip install --r brain v1.0
mossy river
im asking for help r
And they asked what they were?
pallid lotus
What specifically would you say may be the cause of "missing out" on stuff? What...
How enterprise actually works.
Certs give you technical knowledge, but not experience. Being thrown straight into an org without understanding stuff like change control, deployment patterns, risk registers, etc -- the bureaucracy of security -- means you either sink or swim.
Better to come at it through another role which has a slightly kinder learning curve. Pentesters are expected to just know that stuff as a foundation that their specialist knowledge is built on.
rapid merlin
And they asked what they were?
and he says im trying to hack him
mossy river
Itโs the internet, everyone is doing something
rapid merlin
yh
chilly veldt
It depends on what you need to do
well, as I work with KQL for work, I know I can get it to do ๐
shut hawk
pip install --r brain v1.0
what a roast
pallid lotus
How enterprise actually works.
Certs give you technical knowledge, but not expe...
e.g., coming out of OSWE I could code review a web app. Took me ages to figure out how the code actually interacted with all of the other systems surrounding it.
You just don't get that scale without experiencing it yourself.
digital estuary
so... whats the cool thing anyone did with it or cybersecurity? ๐ค
you can be contracted or hired
you can test systems (penetration testing) and look for vulnerabilities that can be patched by the blue team (people that defend networks, look for anomalies)
bleak quartz
and he says im trying to hack him
Suspicious ngl
digital estuary
there is a lot of jobs in the cybersecurity field
bleak quartz
You're willing to send the files to someone u don't know
thorny prism
Was your goal from the start to become a blue teamer or you want to transition t...
I always found digital forensics fascinating but after 8 years of doing it I'm pretty interested in pen testing now
digital estuary
you can go online and search em up and look at what jobs there are
mossy river
Can you send me the files @rapid merlin
worn plank
e.g., coming out of OSWE I could code review a web app. Took me ages to figure o...
In essence, you need hands-on experience in a real environment before you can truly understand the scope and scale of a given enterprise, and more specifically, what they will expect from a tried-and-true operator in the field.
mossy river
Why would that be?
They literally canโt
rapid merlin
Why would that be?
bc they were like 2k
bleak quartz
What are they
scarlet nimbus
well, as I work with KQL for work, I know I can get it to do ๐
I work instead with multiple monitoring systems and kql is the slowest one
bleak quartz
They literally canโt
I mean he can just verify in a few seconds that's 100% not the problem
Or put them in temp host
harsh wadi
you can go online and search em up and look at what jobs there are
i see
thx a lot ๐
twin ridgeBOT
Gave +1 Rep to @digital estuary (current: #889 - 6)
crystal mauve
has a tool, full dom manipulation capibilities, zero trace execution..cant encrypt some files
'16y old girl'
thorny prism
ppl think of blue teaming as just soc analyst roles which are pretty boring but real digital forensics/IR/malware analysis etc are really interesting
digital estuary
i see
thx a lot ๐
yw, also make sure to not just look at this IT field, there is also other ones that you might find fun, pay good, and are remote
you got this man i know you can do it
crystal mauve
so harmless
pallid lotus
In essence, you need hands-on experience in a real environment before you can tr...
Precisely, yeah.
Walking into a bank with โ
of my OSCEยณ I had the technical knowledge to test a system, but not the surrounding context. I focused on the wrong things, didn't understand how everything interacted, and missed stuff which the business cares about but that a cert does not.
I've picked that up with experience, but it was a harsh learning curve. Far better to come at it already having that knowledge imo.
harsh wadi
yw, also make sure to not just look at this IT field, there is also other ones t...
๐
rapid merlin
has a tool, full dom manipulation capibilities, zero trace execution..cant encry...
decrypt after AES256
pallid lotus
... pardon?
thorny prism
rapid merlin
... pardon?
nothing
chilly veldt
I work instead with multiple monitoring systems and kql is the slowest one
it's only slow if you don't know what you're doing
rapid merlin
Yes. That's the gist of this conversation smh
sry<
worn plank
Precisely, yeah.
Walking into a bank with โ
of my OSCEยณ I had the technical kno...
What would you say, short of being introduced into these environments, would be the most efficient way to gain this kind of abstracted "lived experience"? Don't just focus on certs, focus on... what, would you say?
primal ether
what linux distro would be best for like everyday use? cuz i lowk hate windows
crystal mauve
decrypt after AES256
? do it yourself
rapid merlin
Yes. That's the gist of this conversation smh
can you help me?
rapid merlin
? do it yourself
you need 1k tool for it
scarlet nimbus
it's only slow if you don't know what you're doing
It's slow because I need to build queries with multiple tables and I don't have time for that
thorny prism
you need 1k tool for it
1k took to encrypt files? Lol
pallid lotus
What would you say, short of being introduced into these environments, would be ...
Honestly? If you haven't worked in them, one way or another, you're going to struggle to pick that up.
It's impossible to virtualise the sheer scale of your typical organisation.
rapid merlin
1k took to encrypt files? Lol
decrypt
pallid lotus
can you help me?
Almost certainly
bleak quartz
what linux distro would be best for like everyday use? cuz i lowk hate windows
Ubuntu is easy and fun ig
chilly veldt
It's slow because I need to build queries with multiple tables and I don't have ...
what?
my multiple table queries takes like 1.5 seconds
worn plank
Honestly? If you haven't worked in them, one way or another, you're going to str...
That makes sense. To an aspiring Red Teamer with dreams of reverse engineering malware, what would you say? "Good luck"? ๐
scarlet nimbus
what?
my multiple table queries takes like 1.5 seconds
I need to write those queries
digital estuary
what linux distro would be best for like everyday use? cuz i lowk hate windows
closest linux distro to feeling like windows is Linux Mint (I use it too!)
Linux Mint is also very user-friendly so great for a first-time distro to learn all the linux stuff on
mighty cedar
I need to write those queries
Isn't that a portal profile picture?
I'm sure I've seen that logo before
worn plank
Linux Mint is busted for learning Linux.
digital estuary
closest linux distro to feeling like windows is Linux Mint (I use it too!)
Linux...
Get used to linux, and maybe boot up some different distros on a VM later on in the future to see what vibes with you the best
rapid merlin
.. Not true
??????
mighty cedar
Wait does tryhackme have an in built VM?
scarlet nimbus
what's your issue?
That we have like 90 sec to do an alert and throw away 20 sec only to make the query is not efficient
digital estuary
Linux Mint is busted for learning Linux.
IT IS i can vouch so much
i love the distro so far
but i might move on to Arch soon for that customization and aesthethic
scarlet nimbus
Isn't that a portal profile picture?
Yes and also the conti logo
digital estuary
Wait does tryhackme have an in built VM?
yes
pallid lotus
That makes sense. To an aspiring Red Teamer with dreams of reverse engineering m...
I'd suggest working at least a few months in the SOC (still security, but more forgiving w/r to picking this stuff up), or preferably a stage further back still -- engineer or administration.
Reverse engineering malware is quite a specialist role. A lot of places wouldn't have the red team doing that, although that depends a bit on their structure.
If you're talking red team research type roles then coming from blue team will actually be very helpful.
worn plank
IT IS i can vouch so much
i love the distro so far
but i might move on to Arch s...
BLUESTAR BAYBEEEEEEEEEEEEEEEEEE
rapid merlin
Precisely, yeah.
Walking into a bank with โ
of my OSCEยณ I had the technical kno...
I "love" it when banks are silly enough to dox your THM purchase or even in the lobby. The next time you show up you are both sweating with poker faces but they love to shout people's numbers etc. This applies to most places though. I'm too ethical but it does grind my gears a bit whenever I go somewhere important.
pallid lotus
Wait does tryhackme have an in built VM?
Only a few thousand...
digital estuary
Niceee
They have their own custom OS for doing most THM stuff and its called attackbox so don't get confused when you boot it up and see something totally different
signal roost
Hiii
pallid lotus
I "love" it when banks are silly enough to dox your THM purchase or even in the ...
Wut?
chilly veldt
That we have like 90 sec to do an alert and throw away 20 sec only to make the q...
90 seconds to investigate an alarm or confirm it or acknowledge it?
digital estuary
BLUESTAR BAYBEEEEEEEEEEEEEEEEEE
im more of a "build your own design" guy
I feel like if I install arch ill probably forget i can customize it tho LOL
because im so locked in on studying on THM
rapid merlin
Wut?
Just saying some banks shout people's phone numbers and pii so I switched to a better one.
worn plank
I'd suggest working at least a few months in the SOC (still security, but more f...
My current projected career path was something like, "Start in SOC. Understand Blue Team intimately. Use this time to use learned concepts in the field to then apply to red teaming concepts, work on finding a pen tester or jr pen tester role. Gradually keep learning programming languages and leveraging them for the purposes of automation (python) assembly (inspecting malware), etc." But you would say SOC is the best/gentlest place to start, eh?
bleak quartz
I "love" it when banks are silly enough to dox your THM purchase or even in the ...
?
pallid lotus
Just saying some banks shout people's phone numbers and pii so I switched to a b...
Something something report to regulator
worn plank
because im so locked in on studying on THM
Not a bad thing tbh. I'd wait until later when you're studying less and programming/working more for Arch distros.
digital estuary
Just saying some banks shout people's phone numbers and pii so I switched to a b...
eugh scary
pallid lotus
My current projected career path was something like, "Start in SOC. Understand B...
Yeah, that's a solid path
digital estuary
Not a bad thing tbh. I'd wait until later when you're studying less and programm...
(when school starts because school drains my soul )
tbf if i lock in on school early i can just have my teachers let me out to do whatever i want soooo
signal roost
Would you guys say CTF's boost ur hacking experience by a lot?
digital estuary
Would you guys say CTF's boost ur hacking experience by a lot?
yes it can boost experience a LOT because you're getting pure hands on experience
worn plank
Yeah, that's a solid path
Alright, sweet. Do you have any general recommendations for what is valuable to learn within the Red Teaming sphere? Even without going down the far-off path of specialization.
shut hawk
Would you guys say CTF's boost ur hacking experience by a lot?
It's helped with my general problem solving skills
bleak quartz
Would you guys say CTF's boost ur hacking experience by a lot?
Hell yeah lol
signal roost
I'm I ready if ive reached burpsuit:The basics on Cyber101?
grim sparrowBOT
:hammer: amy287.2#0 has been banned.
grim sparrowBOT
:hammer: amy287.2#0 has been banned.
[BAN] User left the discord server.
signal roost
To do ctfs
shut hawk
yes
scarlet nimbus
90 seconds to investigate an alarm or confirm it or acknowledge it?
This is the average time to manage it, report or close as fp
mossy river
:hammer: amy287.2#0 has been banned.
cc @clear jackal it was fraud
chilly veldt
This is the average time to manage it, report or close as fp
i'm sorry, but that's a shitty soc
signal roost
lol ok
shut hawk
in general you can expect to go through all 7 stages of grief during a CTF
shut hawk
in general you can expect to go through all 7 stages of grief during a CTF
this will be for the majority of time
mossy river
They blocked me when I threatened to report them to the authorities
scarlet nimbus
90 seconds from acknowledge to close with investigation?
Not acknowledged, report to the customers
shut hawk
but once you get it, you can't beat the rush of dopamine
hearty otter
what are you people listening to
shut hawk
and satisfaction
chilly veldt
Not acknowledged, report to the customers
wait, so walk me through your timeline of how you handle an incident/alarm
signal roost
but once you get it, you can't beat the rush of dopamine
Yeahh thats what im hoping for lol but Im a bit "afraid" of jumping to the "wild"
digital estuary
everytime i see a new member in THM i instantly make a bet in my brain
like a 50/50 coin toss
either gonna ask unethical stuff
or something actually related to THM
signal roost
crystal mauve
everytime i see a new member in THM i instantly make a bet in my brain
didnt u join about 3 weeks ago
rapid merlin
like a 50/50 coin toss
either gonna ask unethical stuff
or something actually re...
most of the time "can you hack .....?"
mint leaf
Guys what to do if in i capture the request and send it to sequencer via the burpsuite but it does not detect the form fields and its disabled and i wanna select loginToken there. Would be really be grateful for any help..
digital estuary
didnt u join about 3 weeks ago
yes but i feel like i've been in the server since the dawn of it
scarlet nimbus
wait, so walk me through your timeline of how you handle an incident/alarm
Can I write in dm?
quick blaze
like a 50/50 coin toss
either gonna ask unethical stuff
or something actually re...
if you're betting then get me involved
digital estuary
i feel deeply connected even with 3 weeks
quick blaze
i love gambling
mint leaf
i love gambling
quick blaze
https://tenor.com/view/bet-casino-gambling-victor-polizzi-john-magaro-gif-152133...
all in.
mint leaf
yaa
chilly veldt
Can I write in dm?
I would prefer in here, so people can join in discussing about SOC, but if you don't feel comfortable about the information, then sure
digital estuary
if you're betting then get me involved<:kekw:658061932577816606>
make a bot that automatically makes a poll of what they're gonna ask when they're a new member and join just to ask something
rapid merlin
90% of gamblers quit just before they hit it big fr
primal ether
why is mint linux such a pain in the ass to download on windows ๐
digital estuary
why is mint linux such a pain in the ass to download on windows ๐
the ISO mirrors? pick any
worn plank
90% of gamblers quit just before they hit it big fr
how the entire reddit bitcoin community views people who hodl and people who don't
molten tartan
poor streak will break once i get on vacation๐
scarlet nimbus
I would prefer in here, so people can join in discussing about SOC, but if you d...
Because there are too many messages and I lost the mentions
primal ether
the ISO mirrors? pick any
verifying them tho
digital estuary
just make sure to check the file integrity and authenticity when you download em
chilly veldt
Because there are too many messages and I lost the mentions
no woories
shut hawk
verifying them tho
Get-FileHash on powershell
digital estuary
verifying them tho
install WSL from microsoft store and set it up (check out network chuck's video on WSL)
then use the WSL terminal to exec linux commands
thats how i did it
rapid merlin
verifying them tho
theres checksum on website (i guess so), on windows to check hash i think you need to click "properties" on downloaded file
and somewhere will be hash of file
shut hawk
install WSL from microsoft store and set it up (check out network chuck's video ...
wat
thats way overkill
digital estuary
i did it because i was transitioning from windows to linux soo
for me it wasnt too painful
shut hawk
PS E:\> Get-FileHash *.iso
Algorithm Hash Path
--------- ---- ----
SHA256 D6DAB0C3A657988501B4BD76F1297C053DF710E06E0C3AECE60DEAD24F270B4D E:\ubuntu-24.04.2-live-server...
or this
shut hawk
no
digital estuary
one for file authenticity (to make sure it wasnt tampered) and the other for file integrity (to make sure the iso doesnt install a messed up ver of the OS)
rapid merlin
arent there 2 hashes to check?
no? i think you can check either one
but they have this https://linuxmint-installation-guide.readthedocs.io/en/latest/verify.html
digital estuary
didnt know you can check both hashes w/o installing WSL LOL
shut hawk
just need to check the sum of the file downloaded
if you have the same hash you have the same file
digital estuary
if you have the same hash you have the same file
ooh thanks for enlighting me with info
twin ridgeBOT
Gave +1 Rep to @shut hawk (current: #14 - 625)
shut hawk
and compare to the sum on the site
mighty cedar
They have their own custom OS for doing most THM stuff and its called attackbox ...
I'll just do the lesson stuff and go from there
digital estuary
and compare to the sum on the site
ooh
mighty cedar
Totally didn't respond late
digital estuary
I'll just do the lesson stuff and go from there
gl with the modules!