#general
so quiet
and all the better for it lol
lmaoo
ello eliz
They do sometimes.
dont study how to hack for certs. study how to hack certs 
never seen one since i joined lol
lol
theyre a business trying to make money
how long ago did you join?
they just did a contest to get gold tickets
and a prem sub was a prize
see, they do giveaways
I mean you joined the server 6 days ago. Dunno how long you've been on THM for.
extra streak
they are a business, they need to pay their workers
freezes
so their families can eat
btw i have question about im newly start to learning soc analysts, do u have any idea how much time i need to starting junior or smthng like that
like 2 month
got 68 days streak
Is something wrong with TryHackMe's servers? It's so slow right now. VMs aren't loading fullscreen mode and takes forever to process a response in rooms. Sometimes saying an unknown error occurred. I tested my internet speed and download/upload came out very fast so not something on my end
im sys admin and it specialist normaly
Alright, then no wonder. They do like 1 or two events with prizes a year, if even.
damn
im waiting for the advent of cyber tbh
is it on 1 dec?
Hard to tell, if you want to troubleshoot it, clear your cookies and cache and/or try in private mode in the browser.
If that's already what you do for a living, it won't take long at all to pivot
Try a different browser and/or restart your computer
im newly move another country and i have fresh start
guys is it bad that i completed like 200 rooms in 2 months?
that reason i wanna learn soc analysts
bad?
Totally fair, just yeah tons of rooms on THM for this topic
Definitely doesn't seem to be on my end. Everything works well except tryhackme so wanted to see if someone experienced the same
idk is it?
im little bit tired sys admin
how would it be bad?
like if im doing them too fast or some shit idk man
it feels that i am doing too many rooms like in a short period
Are you taking proper notes and do you remember the stuff you learned about?
yh ofc
Then no, it is not too fast.
alr bro
Once you progress more it will get harder
yhh true its getting harder for me
im like doing 10-20 events per day
before
i did like 100 each day
but im trying to do hard ctf

and retaining that info...?
Yeah, keep it up!!
i mean medium
what bro
100 in a day? they must have been really short
yhh thats when i started
aka did you actually learn and potentially take notes on such?
i just did easy walkthrough and ctfs
but now these hard and mediums got short answers
not that many as walkthrough
you know cuz they do not tell you exactly what you should do like a beg
It's just not a race, this is supposed to be for your learning and experience
how did you do 100 in a day but only 200 in 2 months?
yup, makes you learn more .. once you have a foundation, you can start figuring out what you need to do by trial and error
whats an event?
@sinful moon do u have any advice for me? like which rooms i need to do next after pre-security
oh
a question
yh
I mean there's a big pretty roadmap at https://tryhackme.com/hacktivities which spells it out
nice
bro i wish i could complete them all
or made them for free users at least
This isn't about speedrunning courses, this is about learning.
it doesn't like it, it's just the game of numbers, just throw spaghetti on the wall something will stick
yes, education cost money and this site is super cheap
yhh true
learned a lot in thm tbh
you must sacrifice in life to achieve ultimate riches
so mow some cars or wash some lawns maybe?
guys
Could you guys rate my website?
in bug bounty
alright thank u very much for helping
Gave +1 Rep to @sinful moon (current: #35 - 323)
I don't think they allow that here
report how to fix it too?
or just report the bug
hi
I love clicking on links to random websites.
Same here.
bruh its not even in english
......you report the vulnerability with very detailed information of how it was achieved. I think you need to learn about how bug bounties work before considering such
yh yh i know bro im just learning right now
gato
I thought it was horse not cat
horse did say cat though
el caballo dijo gato
IDK, your CTF thingy seems a little easy.
You should try to obfuscate the Javascript that is used to check it or do the check server side.
What if the horse identifies as a cat?
alright I'm too exhausted from brainrot side of discord lol
sorry lmao
xD
You're fine just long day
Do you prefer vim or nano?
vim for the last 18+ years
How do you even manage lmao
nano. but thats just out of habit rather than anything else
I learned
I love VIM
vim FTW!!!!
just been on Linux for as long as vim, and zsh, and more
LOL
just start vim in easy mode
I didn't have much of a choice back then, and once you get used to it that's it
plus yeah vim keybinds are everywhere in the terminal realistically
I believe in Neovim superiority.
how do you move around or search in journalctl, yeah just vim keybinds
obvs I use neovim but mhmm
I mean it is just good.
I'm just oldschool enough that I need an alias vim="nvim" in my `~/.zshrc` lol
And every not good keybind can just be rebound anyways.
Based.
Even do that for vi. 
vi should just already be a symbolic link for such, but it shouldn't matter too much if you set your $EDITOR
I remember vi
Man, I still work on systems where there only is vi.
What distro do you all use for your production systems? Been using Debian 12 lately. Ubuntu 22.04 has too much bloat imo.
Kinda funky when not even backspace works as you'd expect it to.
Ubuntu Server for prod, I can't trust that the people who come after me will know a single thing about Linux
I tried using Windows Server. Never again.
Which is why I also have very detailed documentation internally lol
Linux is the way.
My server runs Ubuntu as well.
to be clear prod should mean at work and not just your homelab lol
Work is different, no prod stuff there. We do pentesting and are allowed to run whatever we want as long as we get the job done.
my homelab server is on Proxmox
Hetzner? OVH?
Currently unable to run a server from home, but I will set one up as soon as I can.
Hetzner.
Good stuff.
I do similar for my personal pentesting server yee
and heck some prod stuff at work lol
A homeserver is more convenient than a VPS to be honest, just because all my services need client side encryption or I cannot use them.
Which means I need to skip on a lot of cool stuff I'd like to have.
Update. I have the password and Apple ID for my laptop but it's asking me to reset the number using a device that was stolen
Anyways, it's late and I gotta get to work tomorrow.
But VPS has complete isolation from your internal personal services and etc, so why not both lol
okie, see ya bit
Watcha mean by complete isolation?
If Hetzner wants my files, they get my files.
aka you're not worrying about VLANs and etc if you're deploying anything sensitive on a VPS. It has nothing to do with your home network and etc as deploying in your homelab virtual host may
Ttyl
Oh, no no, that's all good. xD
That part is covered by Hetzner and their firewall.
Indeed but anyways I'll let you head to bed lol
But I am using it to sync contacts and my calendars and todos and whatnot, so I want to keep stuff private.
uhoh
They also allow bridging through multiple VMs so they can connect to each other.
vSwitch.
Uh oh?
Maybe I misunderstood if your VPS isn't used for pentesting at all but still
It's not, no.
alright bit better
For work we got different solutions that I will not disclose.
My VPS just hosts a couple services I use in my personal daily life.
Having your own cloud is quite convenient. 
mhmm
for personal yeah I have my homelab server doing tons and yeah an entirely pentesting focused VPS that I use with THM/HTB and more
Literally everything?
I usually just abuse the AttackBoxes as cloud machines when I need one on the fly. 
oh, i mean just typical tooling and etc, I just have headless Arch with the packages I need
meep moops it is the time for sleep sloops to the beep boops
Makes sense.
yoo this lab is glitched i think
Mostly use VMs for CTFs and the sort.
Only time in my life I have ever considered Arch for a server because big lol to that, but has all the infosec tooling I need and it's not like production critical, it's just a tool I use
Currently in the process of setting up a Nix config for my offensive machines as well, so they will be identical no matter what system I use them on.
good luck I have opinions on Nix, but I'm happy that everyone can use whatever distro is most suited to them
I am interested in your opinions.
i use arch btw
Only recently started working with it, and so far it seems very cool.
I think all of us do.
To be fair my opinions were not informed that Nix can even do preset package config overlays like you described
It's a phrase.
but hashed based unique file paths to every app and needing to customize every script for your distro are not the most fun
A lot of people say it to "flex on people" like it's a big deal
Is it just me or thm is trippin
It's a dumb meme, let it die
Nix can do a whole bunch of cool stuff.
Like you can set it up on Arch or something, and then have a dedicated workspace in some folder that Nix automatically configures and un-configures simply by you cd-ing into that directory.
And with flakes, you just get stable software deployment alongside whatever distro you use normally, which is also pretty neat.
If I wanted to flex I'd just say I've been Arch main since 2008 and that much is not a lie, but I also will not recommend it to others unless they actually think it sounds appealing. I only know it's perfect for me
But to be honest, I am currently writing a config to switch my entire system to NixOS, so I would wonder what you think about it and what issues you have had.
I don't
for the people that are currently working either in red teaming or pentesting anything offensive in general , i got some questions for a product research am doing :
1-is the market really big or is it that only big tech companies invest in it ,
2- if u deploy a product for the sake of pentesting and red teaming how u deal with regulations and how to avoid the clients that might use it in a harmful way
3-do u think that the different products in the field lack a more good ui/ux experience or that u dont care bout it
Nah it sounds like you are more informed than I am Bit, so go for it. The issues I had were a bit more fundamental/low level
I wanna build Arch from the bottom just for the learning experience.
yes you can
https://wiki.archlinux.org/title/Archiso
If I want to flex I'd mention I've used Linux since 1993
...that is literally how Arch is installed, yes.
I know lol
alex I think you misunderstand
We made the mistake of mentioning a Linux distribution, now watch the chat dissolve into chaos.
arch have tool for it to make like iso based on own apps and things what you have
I had a copy of RHL that came on floppy disk.... Pretty sure it was RHL1.0. If only I could find it......
i did ?
Check this out: https://www.linuxfromscratch.org/
They just want to install Arch up from minimal environment, which is literally how it always works, not customize an ISO with a preset config
if you really want the full 'i built all my own modules' you can roll with gentoo or LFS
oooh... then just offical arch and go for it
Yeah everyone with decent Linux experience should LFS at least once
arch does have an installer now, it kind of 'cheats' the full arch experience we all know and struggled with
it's not recommended, and it's there just for people to script
If you want to make an apple pie from scratch you must first invent the universe
people misunderstand it
I used rh back in the day also, SCO, Solaris, FreeBSD that brings me back
Exactly, which is the reason I want to install from the bottom.
mhmm just literally follow the Installation Guide on the Wiki and that is the experience
Was fedora before or after red hat?
Anyhow, 1 AM. I will take my leave.
after
Same here.
Nice talking to everyone, see you guys around.
i would suggest you don't do that on a bare metal system you actually need to have usable. The experience is pretty much the same doing it from a vm
Parallel. Red Hat owns Fedora, as much as anything can own a FOSS product
I mean... but sure if it's your first time why not
Is thm down for you? It's down for me
Is the website insanely slow for other people too?
Yeah I'd just get a VPS from Hetzner
Yeah
Yer a few people have complained here
Probably AWS shitting its pants again
after, if I'm not mistaken first release was back in 2003
I heard there's a DNS problem on Azure and AWS but that's it.
nowadays is upstream of redhat
https://www.youtube.com/watch?v=YC7NMbl4goo is what i liked
Installing Arch is no easy feat, and adding full disk encryption can be overwhelming for many beginners.
In this video, I walk you through how I install Arch from scratch, with full disk encryption.
Installation Guide:
https://github.com/dreamsofautonomy/arch-from-scratch
cybersec 404
not found
heh...
If you hate yourself just install linux from scratch
Please don't recommend inferior random easily outdated guides when we literally have the Arch Wiki...
unless I misunderstand, just good thing to mention
I trust the Arch Wiki more than a random YouTube video
is less than y cca
arch btw
nice cava config
i still didn't make it as wish =/
wheres neofetch
fastfetch ftw
yeah lol
what's the difference
you never do
neo = out of service
neofetch is deprecated and fastfetch has been decided by the community to be the successor
listen here you little shit... arch job is never done ❤️
You're just seeing alex's highly customized fastfetch
by default it just looks like NeoFetch but with more info
my point exactly, change it every 2 minutes and never happy
Nah for me it's mostly set it and forget it once things are configured
but fair I've been doing this for nearly 20 years lol
Let me guess. You're using PuTTY?
indeed, I got the way I liked it and stuck with that
....who?
You.
To do what? And not really?
the only putty I know is the one that little kids use
Was more of a response to this.
If you mean to communicate with my VPS, no I need much more than PuTTY can provide, I don't think it does SSH tunneling and more
No that was in reference to my use of Arch Linux as my main distro
I have to install it for an assignment in one of my classes.
...your class told you to install Arch on a server?!?
Oh no, not a server, but my personal machine.
From what I've heard, the installation process for Arch is super tedious.
Good luck soldier
Potentially but you're forced to learn how Linux actually works to proceed
instead of just like "lol installer did it, now idk how to fix"
Learning how Linux works and all the components fit together should be of extreme interest to someone before they even consider using Arch imho
linux from scratch or gentoo before arch
Nah Arch is significantly easier to get into and introduce these concepts than either. From there sure I would say it's LFS or Gentoo time but only (imho) for learning. But there's some who stick with Gentoo and want to compile absolutely everything under the sun and more power to them I guess
I mean, I know a little bit. I know some commands, how to navigate through the file system, just the basics.
Well again I won't recommend Arch to you unless you think that sounds perfect, building a base config (that you set up even) up to a usable environment.
I try not to recommend distros to anyone these days tbh, I'm just too far away from that perspective anymore
I know, I used gentoo for a few months a long time ago, then I decided I wanted to have a life too
haha totally fair
That's why you should have a home AD lab already c:
in its own cute little VLAN doing its thing
a few people complained about that earlier
Dkob is too afraid of actually administrating said AD domain
can be a pain
It's orders of magnitude easier and more intuitive than freaking Azure/Entra ID/Intune crap though lol
AD and GPO just werk, you own them and they're easy
I haven't done anything with azure, just a bit of aws
Azure/Entra/Intune, whoops you're missing the licenses needed to rent this feature, whoops gotta relearn everything you know because we reinvented the wheel, also sorry we renamed and redesigned that feature two weeks ago
Count yourself lucky then
sounds a lot like microsoft, why I'm not surprised
mhmm
I have the gin and tonic, I guess I'll do some CCNA study, tv show and sleep so see you
Masterchef Israel
Just Fresh installed my system and going for a newish look
it's certainly a look. Hope you have an OLED screen for that since yeah it does look nice with such. But I presume you cropped out your panel and such unless you went ultra-minimalist
i got rid of the panel
how does one learn opsec??
By doing it
Hey THM Staff -
Are the pentesters and security professionals who are testing your AI Pentesting Agent going to be compensated for their time? Or are you expecting them to volunteer to help build this separate start-up?
#announcements message
This is a huge question TBH, I learned OPSEC through my CRTO but it depends I'd say... the OPSEC for a red team engagement would be very different from the type of OPSEC you'd need for a pentest.
In my exp, all the DAs will say this and that. But only you can learn what's true if you put the effort into it
Doubt you'll get an answer in here. Do you have access to #lounge ?
And dont let the gatekeepers put you down
hey bro I am new too
I am nigerian, let's connect please.
No. I was removed from other channels because apparently "Hack Smarter" - my 1-person course platform - is a "competitor" to THM according to Skidy
O wow....
Hm ok. I'll ask internally and get an answer to the people that asked. How would you like for me to reach out to you for the answer?
Part of me isnt surprised
Anything works! You can tag me, DM me, or just shoot me an email - tyler@kairos-sec.com
Everyone wanna gatekeep these days smh
Alright will do.
Really appreciate the quick response!
"competitor" lol
Interesting I don't have access either with advanced servers channels and such, but I won't question it
My thoughts exactly lol but it's all good
can I post something to ask if these questions relate to Cyber/Info Sec?
Do you have content for Red Team operations?
(Anything that's CRTO level + ?)
Its the gatekeeping that irks me
Ive seen that so much in IT
All IT fields
Okay so I know you're not trying to trap me lol but I don't want to break any rules by advertising other content. Yes, I have a video course with labs on Sliver C2 - covering pentesting as well as EV Evasion. The final capstone requires fully evading defender for a stable Sliver session (and doing some post-exploitation).
I'm not sure if it's great prep for the CRTO though; but it's good prep for something like the OSEP on evasion
I already have the CRTO, I'm just looking for something more.
Ah yeah, I don't think it would be a good fit for you (you'd be beyond it). This is a review from someone with the CAPE, CWEE, and OSEP -
I was thinking pro labs from HTB, but apparently these are shared machines so not private.
We are releasing ranges very soon (7 - 10 machines), and each one will be a fully private instance as long as I don't go broke
Is it unlimited launches? If so I'd reconsider.
Had a chat with rastamouse (ZeroPoint Security)
Dude almost went broke due to it.
I've always been a big fan of THM. I think I've made hundreds of videos promoting them for free (and some of the official challenge machines - including Sliver Platter which I think is part of the official PT1 prep). I was really disappointed when THM leadership saw my platform as a competitor. I'm also not being invited to participate in Advent of Cyber this year either (apparently)
Sort of - but it's not unlimited for the student. I set the amount of time they get (and then they can purchase more lab time at cost if they want)
Yeah all the wishes for luck, never seen your videos nor heard of you, but it's nice people coming out with more content like this
Fuck the gatekeeping tbh
It is!
Thank you, I appreciate it!!
Gave +1 Rep to @frozen hull (current: #269 - 35)
They r scared of u
You do you and don't let any asshole tell you otherwise
Try getting into smaller orgs, it's a blast
I think it's just one person at the top - I'm still friends with many of the THM people and they are all amazing
I received some questions regarding something If i post to see if they are related to cyber security would that breach a server rule?
In that there's no gatekeeping, you're instead found to possess all the skills you reasonably have and whoops now you have 12 job titles lol
Sure but I'll be honest, I get way too many messages on Discord + LinkedIn. Best way to get a hold of me is email. I do my best to read and respond to each email - tyler@kairos-sec.com
Got it sir, thanks
Gave +1 Rep to @thorn tusk (current: #111 - 84)
nice to meet you I heard you pen testing on NetworkChuck websites and its crazy caido its interesting.
I tried to use caido and wow its like better than burpsuite.
this is general chat. you can ask anything as long as it doesnt break the rules
Nice to meet you as well! Chuck is a genuinely nice person. I hung out with him quite a bit at Defcon this year!
Someday I'll finally get to go to defcon lol. Just sure not at this current job
yeah he loves coffee and he is coffee guy
It's not worth it TBH. I'd recommend Wild West Hacking Fest instead in Deadwood, SD. It's sort of like Defcon, but much smaller and no lines. I still go to Defcon each year; but if cost is a factor I'd skip defcon and do WWHF
@thorn tusk I saw the course content, do you mainly focus on Defender or do you also go more into the other Windows mechanisms?
(MDE, AMSI, etc...)
my close friend and peer was like of course our org paid everything... riparoonie
I'm struggling to find a course on solely windows and its internals.
Totally fair, I've just never gotten to attend an infosec con in general and yeah it would be useful, for learning and networking and more
It is primarily defender with a nim stager to teach how to use a stager to bypass Defender (and some basic EDRs)
I got a practice assessment question for an internship but I feel like it does not correlate for cybersecurity at all. Like it asks me to code. This is a similar question I made from what I was asked=
```
INTEGER func(INTEGER a, INTEGER b) {
    if (b == 0)
        return 1;
    INTEGER temp = func(a, b / 2);
    if (b % 2 != 0)
        return temp * temp * a;
    else
        return temp * temp;
}
```
Pick ONE option:
125
27
243
210
DO NOT ANSWER JUST tell me if this has anything to do with cyber security
It's not "strictly" cyber... but cybersecurity is an advanced field and requires at least basic knowledge of programming/scripting - which I'm guessing is what they are aiming for here
Honestly you should collab with Scammer Payback and the rest like John hammond, Ryan - 0Day, Nanobaiter are doing like anti scam call center and start having fun with the scammers.
It's the guy behind the awesome courses!
I enjoyed the Sliver one a lot
If you ever launch a course solely on evasion + windows internals (Maybe just the basics - but most importantly Evasion) drop me a ping or DM. I'll gladly purchase and test it out. I usually also review lots of them - especially certs. (Currently I hold 7)
I also write review on https://dragkob.com and my PT1 review currently holds over 10K individual views.
So if you ever launch a course on evasion from the literal basics to advanced, I'm willing to be the first to purchase and review. Drop me a ping whenever.
I actually had the opportunity to be on the Red Team Village Keynote at Defcon with 0day and Nahamsec. Learning their anti-scam stuff would be fun!
yooo awesome, glad you enjoyed it!
As someone who started tryhackme about a month ago and knows nothing and needs internship what would you recommend for me to learn regarding blue team?
Yeah nice
This is awesome! I'll check this out right now and we'll stay in touch. Would you ever make your own course or labs (if you don't already?)
I have access to so many courses from my certs that maybe I could, but I honestly don't think I'd have the time.
Honestly I'd strongly suggest to begin with the basics. Getting the CompTIA Trifecta (A+, Network+, Security+) will give you very good fundamentals and looks great on a resume
I'd gladly make one on offensive phishing though. 
Well if you ever want to create a lab, and do not want to wait the 1+ year waiting period of THM, reach out
Evil.... nevermind I won't mention the full name just in case, room when? lol
Would you still recommend me going for an internship? Im bout to graduate 2027.
or like if you doing Coursera and they have a lab or it will tell you how to create your own lab like on linux to have fun
Honestly go for internships. Unfortunately I had to give up on my dream of being a red team operator just because I chose the wrong internships.
Pick wisely.
I'm now stuck in blue team.
BUT if you get the chance, the same company could also take you full time.
I doubt it's that all or nothing, but that's fair
I had 2 blue team internships, so all my opportunities were for blue team roles. I'm now 2 years in and I still regret it. 
Wait.... why does that require you giving up the dream of being on the red team (esp. with your certs)? Job market sort of sucks right now but you would do a great job I'm sure
As you said job market sucks, especially in France or Europe in general.
Honestly though, I have major concerns about folks who go straight into infosec out of college. Where's your help desk and grounding experience for end user expectations and working with teams
sounds good. I am planning to initially become a security analyst and slowly merge into security engineer
Ah - yeah I'm in the US. I'm not sure what offensive security roles are like over there
No one's willing to give a chance. People with OSCP are not even getting interviews for junior pentest positions in my country.
So what I recommend is OSCP + CVE(s) - and that tends to help you stand out. Have you looked into doing CVE hunting? It's actually way easier than I expected
Same with the US
I already have a CVE coming soon hopefully.
It's underway.
My Sliver Platter room on THM is based on 8 CVEs I found over a 2 week period of being bored
Nice!! That's awesome
Nice, please say its not citrix lol
NO not citrix LMAO, but here's a sneak peek...
https://github.com/Dragkob/PwnAndGo
Created yesterday, everything is still not published until I get my CVE and it's patched.
You all should do more poking at access control infra because holy crap it's everywhere and not well maintained
also I am not finished with pre security pathway yet but any practices or projects I should slowly start because I feel like just reading and taking notes is not helping me
And at worst... exposed to the internet
Yes, I work in IAM and some of the solutions have so many vulns...
Haha totally fair
The CVE I found is a Windows Signin bypass
try some easy ctf's to change and mix it up
put into practice what you are reading and learning in one way or another
Alright all, I'm jumping off for the night but it was fun chatting! When THM announces Advent of Cyber, make sure you all ask where Papa Shell is this year 
Good luck with the Microsoft "boss" (unless this is third party sign-in related)
inb4 Won't Fix kinda issue :c
Aren't passkeys awesome
damn
I'll head off too, long day ahead tomorrow. Good night!
night dkob
G'night both
If this is serious (and I doubt it) you just screwed over yourself and the vendor by not disclosing this properly.
Dunno if this is true but don't post the details
oh.
We had the same thing in mind
Funny
mhmm lol
Meow
you can like... redact that if this isn't a joke lol, just by deleting your message, but it is now out there in some capacity
It is
screwed?
Discord scrapers...
mhmm
its from the website called hackerone you should try it.
You just shared a vuln or possibly
What stops me from abusing it?
Exactly.
Just don't do this in the future. Keep it private
we're aware of HackerOne, but I think you may have some misconceptions in how bug bounty is supposed to work

Nuke that idea
yes
i know follow the scopes and rules that you can do and cant do.
Yet you broke one of the most fundamental rules about disclosure of your research
You can't post details of what u found like this
U can post a blog or so after and still depends on their rules and policy
But AFTER it's patched
ok but i cant post it on bug bounty or no?
Otherwise it could be abused
Make a website to teach a skill - then create a machine to make said skill near obsolete. smh
it should be patched its like old.
People only post about these things after they've been responsibly disclosed
and patched, and etc
What's all the fuss about guys?
I wonder did anyone submit an eligible bug bounty report and got paid?
THM has everything i need so many snake oil hackers out there come up with these bland memberships and platforms that dont have much to offer compared to THM let alone HTB.
That's true
I've been in this game for 5 years and THM and HTB by far best any sort of competition out there on Udemy or anything else. No bootcamp can get you ready for the real world believe me I made that mistake. Cybersecurity takes years to master its a lifelong journey there is no way to learn and do it all. As long as you stay consistent and updated with THM you're good. There is no reason to jump around here or there.
I've seen many cybersecurity courses but none of them are like THM or HTB
Yoyo guys
Is this a good plan
I already completed TryHackMe presecurity, and i have noted it all down but ofc if you have any recommendations for videos to add to my brain please feel free to, and then I will do the cybersecurity 101 and watch videos and stuff and continue the THM roadmap and im gonna start watching Professor Messer from the start to end ofc and note it all down
How would you approach the rooms tho
Like notes aswell?
There is no point in taking notes if you are not using those
I know but sometimes I forget lessons
so, make them useable
simple 
Then use them until they become part of your brain
Yea true
Should I just purely follow THM?
Like im new, just completed thm
Shall I just follow thm? And forget everything else
Atm
uh no
u should take notes
u wont remember everything u learn
You can try HTB or other if you want to
As a beginner?
start with THM for now
Sounds good
I wish like i had someone who was in the same shoes as me and we could discuss what we learn and shi
There are lots of people here, hope you will find one
Ty dawg
I take my time and if I am stuck I'll use the echo to guide me or my other Ai assistant to help me solve challenges.
Do you go back to rooms ?
If it's a vulnerability I want to master or learn more about yes. Other than that I keep moving.
I see, how did you start cybersecurity from the start?
You should always take notes on anything new. It is extremely helpful later on
I use obsidian for my notes
Brief notes
Good choice, I personally just use docs but its all opinion
me too
I see, could I ask if you could start from scratch 0 cybersec knowledge, how would you do it?
Everyone here is an abnormal person
use tryhackme for the basics, learn C, C++ and asm. network a LOT
Oh why those two specific languages?
Is python fine ?
Since im learning this
Python isnt bad at all. I hate python though
python for scripting
C and C++ are great to know since you get to understand a computer better and also knowing C is great for analyzing decompiled binaries. ASM for the ability to reverse engineer
I also just believe in C/C++ superiority
Also most of the malware is written in C
yer it depends on your goals
Oh and C++ is the best interpreted language anyway
theres so much to learn it can be overwhelming
Recently I encountered a malware attack
Call forwarding and take control over the user messenger and spread the malware through messages
It's a very long story.
I see
Just like Herodotus
I will never go back to other platforms ever again THM this is it for the rest of my life when it comes to cybersecurity. The only other is HTB and I'm sorry their prices are RIDICULOUS. Other platforms don't have the resources not even portswigger academy pretty bland IMO.
@stoic flame don't send friend request without permission
Plot twist, we ARE the animals

Bro has a point
Some humans r below animals

the only good price on HTB: student plan
Friends don't let friends split the earth in half with a toothpick
-# which I can have
HTB's prices for a membership are ridiculous. THM is a cheaper alternative and they are constantly updating, and creating new challenges and so on THIS IS IT. I mean seriously what more can anyone want ?
Have u tried some challenges in HTB?
Yeah i did and I see no difference you're not going to convince me otherwise THM IMO is superior in terms of quality, and content.

Njoy
You are supposed to be convincing people to use THM not HTB
Did you get your letters mixed up again?

I think they both do have great quality, but THM is better imo
price wise, content wise, etc.
thats why I support THM
Imho, both are good in terms of content.
HTB for thinking outside the box and it's difficulty,
TryHackMe for being beginner friendly.
Mhmm THM is much better for walkthroughs, community especially and well they also have the CTFs and challenges. HTB is all the opposite, great CTFs and challenges, crappy community (few outliers though) but walkthroughs (via HTB University) need work, but do have some unique rooms.
But this is just like, my opinion, man
yup
If i want to learn cybersecurity. In your opinion, htb is better?
for beginners, I recommend THM
Depends on what you want to learn for CyberSecurity, but if you have no idea nor any experience in IT, you're better off with THM
Have you tried OneNote?
For a beginner, I do recommend THM, but if you're above a beginner, I do recommend HTB even though the prices are expensive
HTB offers more difficult and more real life type pentesting scenarios
When I transitioned from THM to HTB, I had a curve ball
HTB season boxes are free iirc and if you can reach a certain level they'll give you a 1 month subscription
Took me a while to adjust
Yea
labs?
Blind boxes idk what thm calls them
?
gotcha
I do admit, the prices of both HTB Labs and Academy can be steep
We just call them boxes 
except for student plan
real
Student plan only applies to academy
Not labs
yeah
but they prepare u for labs
Tbh I have both academy and labs subscription, I do feel it's worth it
No offence but I feel Academy's material is more detailed than THM's walkthroughs
Especially when you're studying about exploits
It's one of the most comprehensive, detailed study material I've ever seen
understandable
But.....
As a beginner, yes THM would be more helpful
the reason I dont recommend THM to advanced users is that they will disagree since they know most of the stuff in there
Pretty much
beginners however is the opposite story
I'd like if THM adds rooms that are VERY advanced
Yea they should
I think they can just increase the general difficulty of all machines
Does THM allow the community to make the rooms?
Yea pretty sure
Because HTB pays people to make boxes for their seasons
only challenge boxes rn
although it takes like 1 year to be fully verified and added to THM IF it gets accepted
Noted
God have mercy

Don't focus all your efforts on any one resource, THM is a great place to start and spend time with, but make sure to learn via all avenues available, beyond just HTM and more, there's infosec news, there's vuln writeups, etc etc
HTM
Bro I don't like that my role is piss colored in this server
Why can't they make 0x9 a different shade
Yeah never just stick to 1 platform or source for information.
HTB, THM, Pentesterlabs, Pwnedlabs, CTFs, Cryptohack, etc
Read CVEs, blogs, free resources are everywhere
But the majority of people are lazy
Bout to sacrifice my whole life into cybersecurity

Thanks
Gave +1 Rep to @fringe nacelle (current: #375 - 20)
I will finish htb then continue thm
Good luck
Gonna be hard but it'll be worth it
Was doing cybersecurity junior path in htb
Finished all fundamentals so far

That's nice
Cjca? Nice
Good luck
ah for the CJCA
Yeah
Took you how long?
Do you have a life homie? Holy shit 
Uhh did like one module per day
I need to do CPTS for certs
No.
My brain can't handle all module in one day
Genuinely speaking, most of my hobbies I do alone, so no, not much social life overall
Good luck, CPTS is definitely the hardest one out of all the beginner ones
aiming for cert CPTS and PT1
yup
Aghhh shit
I have bought PT1 but still haven't given it yet
I need to practice Active Directory before giving PT1
Shit me too, but like idk. I just finished college, I work full time so now that I'm free from going into debt I can finally grind again
oh yeah
That's good
I'm still in college but have holiday these days, so I just stay at home doing stuff
forgot about AD
Going for my Net+ soon and I'll take Cwes for the fun of it. Idk if I plan to do the CPTS I'm really only interested in Networking and Web stuff
Man I should go to college tbh, I haven't met anyone in a while
I only went on campus for my IT classes, other than that I stayed online
I need to finish cjca before taking sec+ lol
Luckily we can take the exam anytime
Mine doesn't have online mode
I feel like you can do Sec+ before HTB certs. Uh, just ensure you know what certs the job field around you want.
Don't fall down into a cert Pokemon grind
thatβll be me
Our program hasn't started yet so yeah i still have 1-2 months
Is it a part of your college?
only going for CPTS and possibly PT1 if I get better in AD
Gotta catch em all
My old coworker talked about their college making them do Sec+
Nah, some institutions offer free training
So i take it
Tbh if you clear CPTS, you can pretty much clear most of the certs in the market, cause CPTS is genuinely pretty hard
doesnt include AD tho
Interesting, I'm just using Messer and then having an AI generate obscure questions with a MCQ that challenges me to think.
I have a senior in college who is really really good in penetration testing. He's cleared OSCP and CPTS, he told me CPTS was harder than OSCP
It does
Hold up what are thm rules with links again?
Oo that's nice idea
Can I just share a link or will a lurking mod hit me lol
Using gpt to create questions
wut
Do trial and error
Share a link and experiment
really?
Yea
CPTS path has AD?
Yeah just ensure the Ai keeps everything relevant. It loves to hallucinate
I mean you won't become a master AD hacker, but yes it includes it.
Yea it does
Do PT1 first
It'll be easier
THM pentesting cert

nyo
Does it also use the horrible Ai grading system?
SAL is for security analyst
PT is for penetration testing
Hopefully not
I feel like it would 
@marsh lark did they give option to remove echo from THM
Not echo
Thank God!
Gave +1 Rep to @marsh lark (current: #26 - 410)
That damn bot is the reason I left studying from THM
They have an AI that grades the cert, that then tells you if you've passed or not
Hopefully they grade through humans
Not sure
I don't believe so
Unless they changed it
I remember making jokes that people could poison the grading ai
Alright bruh
Good idea
Anyways just double check what your job field wants before collecting everything you see.
Work on projects as well
Hi chat
Hi HAens
I was digging through TryHackMe resources and came across this link: http://admin.tryhackme.com/. thinking it was notes or part of the "DNS in Detail" room (https://tryhackme.com/room/dnsindetail). But little did I know, I fell for the oldest, most criminal trick you can get away with
- honestly thought no one could pull that on me until now. So TryHackMe HQ, consider this your official notice!
(Obviously joking)
I hiked up to a mountain peak and there was a log to put your name in it
i wrote in admin.tryhackme.com in it
just in case lol
Yeah it is
Most hilarious HQ I know hahaha
just do crtp
reminds me of this LMFAO

Lmao
Hello good morning.
:- ) AI is the same. It collects our data.
yes, that was my point?
Nuh uh, they don't
whats that?

gtfo of here. I bet u cant do either. leave
what is it?
Fraud
aahhh
We are all friends
Saw an image on Twitter that sums up our group pretty well.

Hey lill still sick boi
Waking up, reading emails, remember that I should have remembered things yesterday remembering

Well njoy
I will probably just read on twitter for an hour
New tools, PoCs, CVEs, etc
Cool

Looking to build a down detector instead of paying for a service
But there should be some free things on github I assume
What is this steal
Have you not watched The Borrowers
It is not stealing if its on github
very slow THM today
who writes content for the THM? I just can't understand this "A website where if you enter incorrect input, an error message is displayed. The content of the error message gets taken from the error parameter in the query string and is built directly into the page source."?
-# I can understand it

although the content writer depends on which room u are talking about
Thanks, but who are the authors? THM or anyone can be an author?
it used to be anyone for walkthrough rooms, but now people can submit only challenge rooms
so it would depend on the room
ok, I see. Sometimes it is just hard to understand some of the content. Here is another example: "The attacker could send links or embed them into an iframe on another website containing a JavaScript payload to potential victims getting them to execute code on their browser, potentially revealing session or customer information."
Just use an AI
so, u probably need pre req info for that
Input a prompt like: explain me this in simple words and with an example or something
that is also a way
yep, that is what I am doing now.
Pretty accurate
Blue team does pay well in the beginning
Red team pays well when you have lots of experience
Usually people start off as blue team but transition to red
My blue team pays well for all levels and progress, I do both blue and red and it is quite nice
So basically purple?
Well my hat has all colours
Man I should start studying some defence based cybersec too
Usually red --> blue is easier than blue --> red
all colors is black.....
As a great toaster once said " u can't master red until u master blue "
We don't have red in my team, we have services for that. I can not stop poking things
unless you add white, which would then become gray.........
do you mean @cosmic pendant ?
All white hats get dirty with time
Is there anyone else as good as him

-# no
he once made a plan for getting eJPT
-# altho I'm not gonna follow his plan as.... he wants me to complete all of THM and HTB...............
Do it
NYO

I'm gettin CPTS and PT1
I got 3 months (around) of HTB academy in gift card, so
Does completing it affect u in any way?
just gives me INFINITE knowledge 

Then y u saying no
takes too much time
U have plenty
I don't

I have to apply to high school (once again, idc if I get in or not)
I have coding to do
I have school work
Learn time management
I also have to learn AI and do AI stuff
if I get lucky, I might go to Silicon Valley next year
Apply to a highschool? The fuck lol
yes lol
they are American Boarding schools
Don't get bullied donut.
.1 % acceptance rate
actually 13%
but thousands of applicants
idc if I get in lol
I probably won't
well, I already failed to get in this year
It'll just be more work for yah. I guess it would look good on a resume, but connections if anything, well if they're even still alive by the time you get a job
-# cuz I actually increased my skills by probably more than 100% these last few months

thats why I'm talking to yall rn 
true

I spent my childhood slamming games and sleeping in school 
altho these last few months have gotten better than my plan 
I've increased my coding skills by a ton
Jxnsbdmsnavdhsq
U stole my luck

there was this one school that really liked me, but now they are ignoring me 

Jealousy
I have to reconfigure my whole network
for the exam?

newb question here anyone have experience with kali-whoami ? i know its fairly old but is it worth running or is it any good ? seen someone say that when an os connects to your ip first even if you run a changer/vpn it can easily be uncovered because of some logs or something and i always assumed any free program wouldn't be as good as an actual service ? but then i think in a hypothetical situation that if certain individuals were to push hard enough a vpn service would sell you out
love that lol
once I get CPTS, they can't ignore me 
Wait til you learn about the corporate world

I have 4-8 years left
depends on when I enter the corporate world
I could always intern at ryan's company

Well you should be good by then, just keep up with the Ai trend since it'll be incorporated everywhere
Donut codes better than ai

that..... is actually true 
yeeee, my server mates don't know anything about networking, so apparently I have to level down the ip config
oof
gotta /verify
@charred cave
i will
Damn
so instead of running on 10.0.x.x/16, 10.1.x.x/16 and 10.2.0.x/24, I have to make everything into 10.0.x.x/16
means I have to redo my ipsec tunnel, reconfig a firewall and much more
btw, did you sell both your motorcycles?
only one is sold so far
ah
other is still up on marketplace
at least you sold one quickly
How much

Which one the suzuki, if i remember right?
the blue GS500E is still up for sale, for 1,205.07 Euro
how much did you sell the first one for?
870.35 Euros, cause of engine issues
ah

WHY ARE CARS SOOOOOOOOOOOOOO EXPENSIVE?!
this is A BIG CAR tho
looks like 3 layers of seats?
Anyone know an app how to see whats on someone's phone without them knowing and without having the app on both devices. Must be free
that sounds....... illegal
or at least unethical anyway
illegal activity isnt allowed here
Been searching on tor onion browser couldn't even find there
This is called hacking
Isnt this a hacking server???
Screen share

ethical hacking server
ethical hacking only
I cant have access to the other phone so how do i screen share
Ask him politely

Please
You are on the wrong server
