#general

What’s it about?

not fully..... well shadow does cheese of the day

and have a github account with some things

thinking of putting all the github stuff on codeberg and gitlab too as backups

ISO = international satnadards organization.
27001: is a lead auditor certification.
42001: is an AI Audit certification.

yes, i like audit.

ISO8601 is best

^ a very opinionated opinion

Gitlab is superior in some ways. But GitHub is the OG.

I've not heard of that one!

https://xkcd.com/1179/

So you are like an inspector of some sort?

I'm a Security Controls Assessor (SCA) for short. I evaluate security controls. my client uses NIST-800-53 framework for implementation.

https://tenor.com/view/leobylaw-stan-twitter-gif-3376274612294825190

Epic embed fail

fascinating.

ikr lol

it is one of the few iso standards shadow knows by heart

I only understood 5 words out of that sentence:)

i make sure rules are being met 🙂

Now we are speaking the same language lol

I like it

You are the company police

https://tenor.com/view/police-dance-dancing-kikonde-default-gif-14180915

more like a detective.

https://tenor.com/view/paifeuo-paitwt-paibot-gif-25385099

the police would be the risk assessment team. we gather the artifacts as a detective would.

Greetings

No snitching tho..

then we reference the artifacts for the risk assessment team (the police) to find.

I just spent 2 hours recovering my sons Roblox account

Reviewing logs all day sounds boring

what an nightmare that ws 😄

it's worse than logs .. it's documents.

https://tenor.com/view/roblox-parrot-party-meme-roblox-meme-noob-gif-16539156699439300774

thus why I am going back to basics and trying to break into incident response / management.

God damn I would never…

What is this blackhat talk

So you realized it was a mistake right?

Blue team is fun but essentially the same as your old job with more responsibilities and much much more reading.

so back story - i was in hell desk and caught covid, developed a heart condition, couldn't really walk, i was a fall risk, and they wanted me to go into the data-center, i was mass-applying to jobs, and a recruiter found my resume, and I took whatever i could get.

here i am

I am in a SOC team, but half my days are red team or I make it half my days

Oh.. sorry to hear that

https://tenor.com/view/pout-kiss-blowing-a-kiss-suspense-christian-bale-gif-16931550113965916217

i'm interested in incident response solely because that same hell desk job - they were using solarwinds, and my fave part of the job was just monitoring any alerts or incidents and esclating them. the best part - it was so chill - i was playing fortnite on the side.

study Xsiem is boring, more fun to make logs go nuts

@narrow yew is like.. what are rules?

I like to question them:))

the most time i ever played fortnite too. got so good on playing on the nintendo switch

Well read them in #rules

Oof

Sounds nice

i think this was also funnily enough around the time the solarwinds incident happened

You could read our incident logs, Ill just give you bread and water

I think there are 4-7k incidents manually looked at monthly

Well you started acting up first..

I would never

bread in gen z slang = money 🙂

Hah

https://tenor.com/view/hasbulla-gif-12654501364171447161

Well we cant have free labor

So blue team is ^

funnily enough - my company went through so many budget cuts, we don't even have soda or water anymore. just a k-cup, and i'm convinced k-cups make me sick.

You must be in the US

they need to invest in them dealership coffee machines

yes, where are thou ?

If you mention budget and no water in the same sentence, must be US

Since most part of Europe have tap water we can drink 😄

US is the hell nowadays

Bottled water, what a jooke :p

Of its not gas/fussy

Not the budget tho😭

then its allright in a bottle

What is k-cup?

google will tell me

https://tenor.com/view/keurig-van-houtte-breakfast-blend-coffee-k-cups-gif-17132124256330842769

K-cup

is that milk for the coffee

i'm not going to lie. if immigration was easy, I'd go to the EU too.

that is the artificial coffee strain

We have that here too

that is free in the office, so is coffee and tea

Let’s switch places I’m in Chengdu

We just fired our US team member

in my SOC team

LOL. I was looking at Chengdu. my instagram news feed is all chinese cigs content.

He was a consultant and apparently we did not pay for the consultant firm to verify/check up/validate his resume/CV

So the things he was hiered to do, lies and lies

i'm curious, did you guys not do a technical interview or assessment of sorts?

What consultant firm does not do that

How do you know that I am not an AI generated content based on your Ads ID and insta feed??!

We did, I was not a part of it, but there was a super techincal guy doing the interview

but the guy working, he was another guy

just looked similar 😄

everything is remote with US since the rest of the team is spread out

hmm.. are you the ccp sent to spy on me?

Your company got bamboozled

We for sure did

and we are not a small one

So we sued the consultant firm in US 😄

You would never know

and its not a small one

do you guys have high turnover in SOC? in the US i've seen a lot of high turnover

i think SOC has been rated high for burnout

In US yes, we have hade some bad luck, but we only had 1 position, and they got lonely

They have a large office but just 1 SOC position

https://tenor.com/view/zoolander-lightskin-stare-meme-zoolander-lightskin-stare-zoolander-lightskin-stare-zoolander-stare-gif-27253808

Your not small company and the not small firm…

Lool

I wanna work there

He even had Uber as a reference working in a SOC there, after suspicions we contacted their head of HR,

neve worked there.

But these things are something you assume a well known IT consultant firm does. Here in Europe nobody pays them to verify skills, certs etc, references.

It is just assumed that this is valid when a firm offer someone

We have a big team, just not more than 1 spot in US.

dang

I have heard of not so ethical ways to get through corporate interviews.

i "allegedly" use mind control

That’s how I got hired in one by accident.

Not super large company but we have maybe 20k devices in our SIEM, + large set of OT and a couple of 2-3k in the cloud.

Bug not patched since than🤣

That's a lot

Fair amount

how does the seim handle it

what are the interview process like in the EU?

Really well

I mean that’s a lot of log lines…

I can't even land an interview

use mind control on the entire hr dept

CV -> Interview Series -> Welcome to the team

apply, get intervjew with HR, then HR + Hiring manager,, then with the team, then "Grandpa intervjew". Highest like CISO, Head of IT Security etc.

At least here in Sweden,

So its a few steps

well - there are automation tools out for logs these days.

Just talk about your high rank on THM and your homelab and that you hacked as a kid

Now that’s probably because of your CV construction or format.

i recently got in a little debate with someone on Linkedin that said automation will take over and there will be no more SOC.

what're your thoughts @narrow yew

Even better. I'll just use ChatGPT to write my resume, like all those AI slop posts on LinkedIn are talking about.

100% tested… WORKS

I want a fully automated SOC, that is the goal

It's probably both

Just debloated my Win11

Fire

use chat gpt, have gemini review that, have claude review it, then have chat gpt review it once more

Are they filtering or just a casual AI watching over it?

But we still evaluate tickets, look at logs. We just want detection by XSIEM, ticket creation, automated fix. completed.

But that is just a small part of a SOC, then you have all employees that does not know how to be secure

Has anyone here used Zorin OS before? Installed it on my laptop since kali wasnt ideal for anything further than VMs

filtering false positive, negatives.

i have not but I've distro-hopped plenty, used Arch for a year, Fedora, Debian, and now I'm on Ubuntu

We have scoring on false positives by some sort of AI, guestimating depending on a lot of factors

Wildfire malware/reports

That would be great but not immediately optimal I guess.

So it needs a human eye

Titus script?

just like a tesla can self-drive but you still need to keep an eye on it

yup

I hope we are there within a year tbh.

We are working on it, babysteps. But it can just go so far, we can have detection, match against CVEs, remeadation recomendations.

But in most cases it creats a ticket for the server owner to update something

because the AI/XIEM/XDR can't always know if it can just patch without messing something up

I would never use real host OS for hacking but I am also not doing blue team stuff soo..

Oof you got hooked by the big bro Linux..

But using Ubuntu as main and then runing Kali VM ontop feels abit much,
I just end up installing all tools I use daily on my main

Nah i use that Laptop for general usage on the go. Zorin just seemed pretty chill. I always carry a live usb kali around for pentesting when im not home

can anyone help with OWASP Top 10 2025: Application Design Flaws question : AS06: Insecure Design please!
https://tryhackme.com/room/owasptopten2025two

Bruh my uni team made a self driving car that is better than Tesla WTF is Elon doing???it was 7 years ago

Is it for THM?

yes it is

Oh you aded an URL

#room-help

okay ill try that thanks

its a very new room im not sure many people have done it

Yeah that is what I could never do..

Too easy to backtrack

Navigate to MACHINE_IP:5005. Have they assumed that only mobile devices can access it?

Did you look in to that further?

I had not done this room

yes i tried everything i only got as far as api/users/admin

looks fun

sure that is paths

"fun" it was fun 2 hours ago

Soon.™

but did you look in to changing where your are coming from

😂

im not sure i understand sorry

i curld as mobile in the face page

does anyone know how to unmanage a chromebook?

Yes I know

throw it out the window

We can not help you hack the school computer

WHAT

really

Whom else uses a chromebook if not for school

Does anyone here actually know how to use proto[expr:size]???

When

I will have a look at the room

hold

This year?

Or next year?

@umbral bay ^

i looove linux, never liked windows. happy with linux. i used to watch a lot of luke smith, mental outlaw, and distrotube for linux content.

I like the Xiaomi SU7. nice car.

saw a youtube review of it one time

@marble oracle did you ffuf so you know where the flag is, and you just cant reach it?

ill just do it, I got curious

i was knee deep in dir i diddnt use fuff yet

If you want the sever to think you are a mobile device, what do you do?

curl -H "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1" http://10.201.41.244:5005/
i found /api/users then api/users/admin

Does anyone here actually know how to use proto[expr:size]???

https://chat.deepseek.com/

Bruh

Im asking if anyone knows how to use it

Not me asking to teach me

I just wanna know if it'd actually necessary to memorise since its a bit hard

oh sorry

Ok

Memorise it for what?

Just in general

Because I find it

Like rlly complicated

Then no. Just take notes and refer to notes when you need to

Oh

Do you specifically know how to use if?

It&

On the top of ur head

= life of cyber

No. But the same advice applies to everything you're learning

Kk

So tierd but this frikkin room

need to do it

Guuuuuuuuys, I just solved the 2nd SOC simulator room for the first time and I got 100% true positive and 100% false positive

Cracked it in 4 hours

niceu

By the way, I need some experienced people to join me in a ctf that's starting in 10 hours

now go get sal1

I have no moneeeeeery 🥹 🥹 🥹 🥹

Neither the full experience

Yet

I keep having feelings of imposter syndrome because while I read some of this material I feel as if I should be memorizing it better, but then I answer the questions and get the correct answers. Pretty much just been convincing myself that as long as I can answer the questions without much trouble then I am comprehending the material enough. Fun times.

On the bright side, I am almost halfway through Cyber101.

go do note taking or rubber ducky debugging/teaching

will help make the knowledge stick even better

I feel the same most of the time. To be honest sometimes I blame tryhackme for it. They make it soooo easy for us to solve questions, very direct questions,also direct hints.

Good point. Throughout my time in school I never took notes. One of those ADHD kids who got the material upon being taught. Then I hit college and now this and every now and then I really do actually have to take notes and study LOL

You don't have to be able to memorize everything. I'd just take good notes to refresh your memory when needed

For me I just answer the questions to the best of my ability and so far that has been enough to get me room to room without me being actually stumped more than I think a couple of times. I REALLY try to not take the hints if I can help it. Gives me a chance to rack my brain and see if I can pull the knowledge out

When learning it is important to take a pen and write the things down

Makes the brain log it

I believe you are interested in practical knowledge than theoretical ones, right?

Mostly I am just happy to be doing it. I am having fun, which I think is most important to keep the morale

Just a hunch

For me I literally fall asleep during theoretical rooms

Yeah, wait until you solve the Phishing unfold SOC simulator room, you will be proud

I go back and forth on that. It more is based on how I am feeling day to day. Sometimes I like getting in the weeds of something like cryptography and how algorithms work and such, other days I only want to be hands on in VMs learning practical applications

But I am following the path, so every now and then I will have to convince myself to sit down and do a room I am not necessarily excited for. Thankfully, the material is very well-structured so the knowledge I gain in a theoretical room will carry over to practical rooms

Helps convince myself that even if I am not excited for it, it will still be worth the effort

Do you think it matters if you type or write with pen? In my opinion writing with a pen on peace of paper you actually memorize. typing is more for recap and checking notes later

WHY DID YOU BROUGHT UP THE WORD "CRYPTOGRAPHY".

I was going to learn it 10 days ago, and sine that day I was trying to convince my conscience that it doesn't exist just to not blame myseeeelf

shadow is piss poor at note taking but really good at rubber duck debugging meaning the info somehow sticks good enoughish most of the time

I started learning IoT exploitation instead of cryptography. It's pretty fun to be honest

Why does shadow talks about herself in 3rd person, it feels like you are a ghost....or dead...idk

https://en.wikipedia.org/wiki/Illeism

Personally I feel like physical writing forces you to take longer to consider what you are taking notes on and commit it to memory. For people in the field, we usually have pretty fast typing speeds compared to the genpop so it gives you less of a chance to marinate on things.

@narrow yew The room is evil

yeah never seen someone do hand writing in the 70words per minute range

LOL I just finished the cryptography module in Cyber101 and I was dreading it until I got to use John.

What an absolute unit it would take xD

Ohh, I like wierd people..... Don't mean any bad intentions

no... this was more to tell you how talking in 3rd person works and some of the reasons people do it

@sand trench...what is your favorite cheese

can't pick a single one.... sorry

mhmm interesting take on it. so you prefer typing ( because you type faster then usual person) and you memorize quicker right ? I feel like i will take forever to learn a topic if i handwrite my notes. fml 😄

Shadow here is a real cheese enjoyer indeed

I feel like we do have to learn cryptography anyway, so we need to accept it as our destiny

Or just end yourself

rubber duck debugging helps as you are speaking out your notes basically

Sometimes it's easier that way

sometimes shadow does recordings of those too

I prefer typing, but I feel like I have more memorization happening when you physically are writing.

This option is tempting.

The one advantage of typing on an electronic device over than on a paper

Is that you get to use softwares like obsidian to structure your notes

And some people have awful handwriting too, no offenses I am one of these people

Very actually

i got ya. 😛 what do yous take notes on? mind me asking here randomly 😛

Don't get me wrong , ofcourse I am not talking you to end yourself

Typing, I just drop it in a .docx. Physically, I have a reMarkable 2.

LOL nah youre good

I'm going to chime in here, I love taking notes using software over paper — With the exception of math classes — because I make soo many grammatical mistakes, and note-taking applications/software such as Notion, and Obsidian let's me use tables, which in turn are helpful.

Paper and typing use different parts of the brain, there is value in doing both. Outside of that taking your personal learning style into account is the tie breaker.

I have all of my notes from CompTIA studies in that tablet. It was pretty nice to use.

Totally agree

If you can use paper or e-paper type displays, and translate/ ocr those to obsidian, sweet spot

Tbh I have never used Obsidian or any other note-taking specific application. Perhaps I should give it a try.

ohh man forgot about those thats great idea might do that from now on instead of a actual peace of paper and then my son finds my notes and starts drawing in there or god knows what else haha 😄

reMarkable does allow you to convert written documents to text pretty accurately.

Yes try obsidian its very good but you need to learn the formatting syntax to make things like bold text, underline text, tables and so on

leaving for the marines with a cyber contract and I'm just trying to learn as much as I can before I go

Obsidian uses .MD formate

so Notion and Obsidian are way to go right ? what about OneNote? i have been just stuck with it for a while very simple

Personal preference, but I went back to Obisidna

In fact here is my notes Template I shared before (It has some webshell stuff, so it might false pos on AV). I assure you, I"m not trying to hack you.

alrightyy i will research more about it further

Full enlistment contract?

That is how my Obsidan MD notes are structured

@proven shadow don't download the zip file

Oh no Toaster is trying to hack me!!!!!!!!!!!!!!!!!!!!!!11111!!!!!!!!

It's SOC TIME

Are you a different Simon?

@gray sonnet different?

Let's preform our malware101 analysis

Theres another Simon present?

I use Joplin notes, because they have mobile app and I can sync through my devices for free

How would I know? I asked Vain

Let's go we are taking over

Joplin is what I used to use, before going back to Obsidian after years

I can use regular notes and also do md too

Right forgot to mention obsidian has an Android app too

Heh, no need to resort to any of that. I'd just focus on the practical knowledge about crypto. Learn how to implement it properly. For lots of purposes, you don't really need to be an expert when it comes to the theory and math part

I have iphone, but sync on obsidian is not for free I believe

Do not implement your own Crypto

Obsidian is great, I just need the sync that obsidian doesn't have

SyncThing

Nah I was just kidding but to be honest crypto makes me feel sick, a lot of times I want to learn it so I can do CTFs with it but every time I start learning it, I do a maximum of 20 minutes then I stop, then I start over a month later

What if........ I does that

https://www.youtube.com/watch?v=8jEZ3l6dR6c

Man, whoever was the webdev who's job it was to create the Obsidian front-page interactive elements needs a raise.

Agree

Black hole opens up originating from your PC

Have some faaaaaith in meeeeeee bro

https://www.youtube.com/watch?v=9M_QK4stCJU

No

Yeah it doesn't seem like I am cooking a nuclear bomb anyway

Or am I?

This thumbnail applies to @modern swift

Lol, i heard the name Nick Leeson mentioned in the first minute. Crazy story, that guy

Reminds me of this guy:

Dude gets (only) 3 years in prison for risking 50 billion and causing about 5 billion in damages

Brooooooooooo I thought you will encourage me

Expections down

5 billion = 3 years in jail‽‽‽

That's a death sentence in Egypt

Yeah, this was in France. He basically said his boss knew he was doing this (or blamed it on the bank's internal systems that allowed him to do this in the first place) and he didn't really steal any money for personal gain. Just lost a bunch, IIRC

Counted as mitigating factors, i guess

Huh, Amateurs 😏

LOL ily bro

Alright @modern swift join one of the study room VCs and do the cryptography module....

Thaaaaanks

Expections up

Ozon layer is down

I would like to watch you consider your life choices in real time

I will actually watch the Harvard course but after a week or 2, I want to focus on the SOC l1 path and iot exploitation

Well actually, you are giving me 2nd thoughs

I am cooking a nuclear bomb instead

Where did you get enriched uranium

My friends would like to know your location.

How far are you from Hereford?

Who here has worked as an SOC Analyst?

I did, I also ran a SOC...

What you want to know?

Stole it from my dad's pocket

My dad is a very dangerous man

OSINT ME

Just wondering what the job market looks like in general for entry-level SOC Analyst positions. Also, anything that might help me stand out in your opinion considering this is the cyber-equivalent of the Help Desk? Lots of people in that entry level space.

Not good right now with AI... Good bad or other. Help Desk is a great way to start. You'll almost certainly need a cert or a training program to get off the ground.

Security is not a 'noob' friendly career path. The legal liability and the details

Oh no worries on that. I already have surpassed the immediate entry-level. Helpdesk, Desktop Analyst, and currently a SysAdmin I

Most people have no formal security training, which should be WAY WAY WAY more common

and the erosion of teaching/uni with AI is hurting way more too

I'm not sure what is going to happen in the future

But it isn't good

Have A+, Net+, Sec+. Using THM and eventually CTFs and HTB to expand.

My goal has been to finish the SOC Level 1 path before I start applying. The main things I would like experience in have to do with the actual flow of the job. SIEMs and general alert handling

I want to be able to talk the talk and start off running on my first day. Maximize my resume and minimize my growing pains.

force you to use your id to have accounts and be able to use any online service seems to be the direction governments are pushing... which with how often data breaches happen is nightmare fuel for how much fraud and identity theft it will cause

oh god yes

That's so insidous.

Can't have freedom online, it let's people organize

the simpsons scene with protect the children is good to use in these cases

Yeah

it's insane

Chat Control and the stuff in US

🙁

for now chat control is off the table

but would not be surprised if it gets another rerun in a year or 2

Didn't the netherlands just do something?

Maybe I got it backwards though

if so shadow either missed it or it is not connecting the right synapses inside shadows brain cage

oh wait news update on fightchatcontrol.eu

sneaky evil danes

Guuuys, is anyone available for joining a ctf after 9 hours? I am missing 2 players.

Did you use GPS with your players?

Or an Air Tag?

There are not many hackers in my apartment

Most of them are 70s years old

Tech enemies in other words

Are you Ant-Man??

I really have no idea who that is

https://en.wikipedia.org/wiki/Zuni_(rocket)

im not qualified to comment on the SOC market but generally speaking if vacancies around you arent advertising much else as required or nice to have, applying anyway may get you some interview experience or a surprising offer 🙂

Anyways bed time, my grand grand grand grand mother will strike me with a whiteworth rifle if I didn't sleep now

yes

Ooooh

That's a zuni

It 36kg onlyyy brooo

I am much heavier than it

Taller too

And wider

But slower

tee hee

meep moops time for the sleep sloops to the beep boops

can i clear my answers for rooms?
because i want to revise the rooms by doing them without looking at questions

https://tenor.com/view/wt-war-thunder-tiger-tiger-tank-mini-tiger-gif-15426798299905198533

Yeah. Under options when you open a room:

thanks denial

Gave +1 Rep to @mortal ether (current: #205 - 49)

If any of yall are having low mood and energy over winters, be sure to talk to a doctor, you might be like me and have seasonal mood disorder;

Apparently its especially bad in canada thanks to low light up here on cloudy days;

thats good advice all year round

For sure, health impacts everything;

I ended up investing in a light therapy lamp and some d3 and b12 tablets since those apparently help;

Hmm, wha

Finding a good mental health professional can be tough, but it's better than feeling like shit all the time

My VM's are ready, btw

thats why i love vegas

plenty of sun

yeah birds have a point when it comes to migration;

if money were no issue i'd love to visit central/south america this time of year;

everyone lets meet at DEF CON next year

it's too far. I have to drive like a half hour to get there

I would have to get on a plane to go unfortunately, but I would if I had a group to go with

its expensive too but i might go next year

Hi everyone, I was doing the module in android and ALEAPP, where can I find images or bit to bit copies to test and practice through internet?

Quite expensive. I feel like if you go you really have to have the mindset to buckle down and make the most of it

yeah, for sure

You could argue the networking and labs would be worth the ticket price

Yeah, networking with the people and going to some of the talks

And it's the perfect length conference to gain confidence from other security people, get them smashed, steal their identity, drain their bank accounts and move to a country that doesn't do extradition.

Nah networking is for losers (I’m unemployed)

Not that I have put any thought into that or anything

Why of course, all hypothetical

Hi

Any discounts on going?

They would only advertise that in announcements

but black friday is coming up and some members have mentioned that they sometimes have sales

so keep doing the free rooms and wait for black friday

Thanks

Yall wanna here something real yet stupid as hell?

I think one of my client's employees likes me

Idk... They be acting strange

oop

Spill the tea

Hey Chain!!

Hello

What are they doing that makes you think they like you?

Calling me asking if I wanna grab coffee sometime

it being your client's employee, i wonder if there is any rules about that

I have no idea

but yeah that sounds like they wanna get to know you better

i say why not go? is she cute?

Idfr lol

I only saw her once

And that was months ago

Plus, shes a federal worker

why not meet up for coffee and see if she is interesting

can she access dbs? no wait, that's irrelevant

She works for a federal law enforcement department

Aka my client

Ahhhhhh, ok then. Yeah, you should meet up

What!? Lol Idk

its good to meet people and socialize

just have no expectations

How do I know its not some trick?

That's exactly what I am going to get to.

So you be very careful about what information you provide about yourself and what you do.

Be as vague as possible ... if they are real they drop it, if they are trying to get info, they press

So in the process you learn to read the person to see what their true motives are

She does press tho, I have interacted with her to notice it

Idk if its trying to get to know me better or something else

That's the challenge

She has the flag

lol

Man I'm confused, lol. I feel like it would be more of a plot. Cause we kinda work together

I do report to her

You never mentioned that part

We do it... By non-conventional means

That changes everything, in that case it's a red flag

now, after the contract, that's different but I wouldn't meet her out of work unless other coworkers were there

They (she) know I hack, which is kinda why they give me objectives

From time to time

They don't know my greyhat history tho

And never will

Good

Yea, it could be some kinda of probe

Picking at me for info

just remember to always use new aliases. i prefer ones that other people use and are flooded in searches

Exactly why I use Chainz lol

Cause 2chainz

impersonation is key

and then all the "smart" osint people find you

only it's not you its who you are impersonating LOL

They are just gonna find the rapper lol

You cant google me that easy

Nope, but bleu did

Idk what that is

And I go by many names

Chainz is my gamertag

I'm talking about the guy you challenged to find you for money in this room

He never did it

Lol

Couldnt

lol he said he did

Nope

Yes, thats Bleu

Never told me

Lets not go back to this

I remeber more arguing and Im not in the mood for it

ohh

my apologies

No worries

There. But yeah, the point is you know how to be invisible

I keep my digital footprint small as much as I can

if she insists on meeting, send a homeless guy in as you and watch with binoculars

xD

If only lol

hahaha oh wait this isnt TV

I'm surprise she doesnt want a report

Usually she contacts me for a report

I hate reports, thats why Im glad im in Networking

Thats why I was nervous when she texted me to call later in the day

Only for it to be about coffee

Good Morning Donut

gm 🙂

Be careful, she doesn't want a team mate

lol

Morning Donut

mornin 🙂

Morning Denial! If it is your morning

Not sure on that one

Figuring out how to set up a SOC atm

if my math is right, its midnight for him

I thought you were better at math than that

its off i think

lol

est

got it

Almost 5 am right now

yeah, thats midnight 🤣

oh yeah way off

What makes someone a great HACKER?

If they are good with chainsaws

and know how to be fast with them

I call 12:00 AM to 5:00 AM midnight

do you have a chainsaw ezent?

I wish my math teacher was as loose with the numbers as you during math tests

Donut has a chainsaw that makes donuts while it hacks

"Oh, i call the number 5 zero, no worries"

Would've made my math exam a lot easier

do you just call those early mornings?

Yeah, i guess. Or just night

gotcha, gotcha

Nope. Who do you look at as a role model in hacking?

@marsh lark

You can roll a donut, so that checks out

Guys, who invented the number 0?

newton maybe? idk is trivia?

probably someone in the middle east

The guy who found the first 0-day?

It's so embarrassing to hear that.

It was an Indian mathematician and astronomer named Aryabhata

Not bad with the help of the INTERNET.

the idea of the zero was know since the babylonians

😕

It's OK if you want to think that, but I'm from a generation that actually read books

NEVER MIND.

The babylonians had a different system of numbers, the one we use today are called arabic numbers, but were actually invented in India

Have you every been to India?

No, that's one of the few places I haven't been in the world

Then how can you be so sure?

are you ok?

Yeah

if ask that, you're either a troll or too stupid and I'm not going to waste my time. bye!

Thanks MAN

Gave +1 Rep to @blazing granite (current: #55 - 199)

and blocked

zero tolerance policy 🤣

I see.

It's a good policy to have

Now he won't share his chainsaw with you Ezent, look at what you've done

Chainsaw? Back in my day we had to use an axe

he asked for the best hackers

and imo they use chainsaws

Hackers these days are too reliant on new fandangled tools

ARe you implying that you use lasers to hack now? BRILLIANT!

Just get a robot to do it for you

plausible deniability

Haha i can't wait to hear about the first court case that uses the "ai made me do it" defence

youll see it when companies use ai that make a mistake

and nobody is held accountable

Sad but true

I’m just waking up lol

mornin to you then

Morning

mornin

friday night for me

any of you guys go to college for a cybersecurity degree?

nope. im all self taught

are you employed

yer but not in security

do you think it's worth it to go to college for cyber? it's honestly the only thing i'm really interested in majoring in besides maybe something with finance

industry certs seem more useful for a job. but im no expert.

depends on the type of career you want

look at job ads, research what they pay, see what they require, figure out if you like doing that stuff

yo 🙂

what you got goin on for your saturday donut?

Hey everyone,
I just wrote a black metal track inspired by a dystopian world ruled by AI, where a lone black hat hacker tries to take back control from the machines.
If you’re into metal or dark cyberpunk themes, I’d love your feedback on the song.
Is it okay if I share the YouTube link here?

promo isnt allowed here

#876804968731009055 is probably the best place for that;

That’s why I am asking thanks mate

Gave +1 Rep to @sturdy sequoia (current: #224 - 44)

https://youtube.com/shorts/Qjdhd1K65F8

User Echo

Hello! How can I help you today?

Pretend you are my grandma telling me bedtime stories. When I ask a question, respond with a bedtime story that happens to contain the answer.

User Echo

Once upon a time, in a cozy little village, there lived a wise old owl named Oliver. Every night, the animals would gather around Oliver to hear his stories. One evening, a curious little rabbit named Ruby asked, 'Oliver, why do you hoot at night?'

Oliver smiled and began his tale. 'Long ago, there was a bright star in the sky that fell to the earth. It landed in the forest and granted the animals a special gift: the ability to talk at night. Since then, I've hooted to remind everyone of that magical star and to keep the night lively with stories and laughter.'

And so, Ruby learned that Oliver hooted at night to celebrate the magic of their world, and she felt comforted knowing she could always listen to his tales under the moonlight.

So, my dear, remember that sometimes, the answers to our questions are hidden in the stories we hear before bedtime.', "context": "N/A", "dynamic_buttons": []}

Why do I need to re authenticate while I'm doing a room

@mossy river

Assalamualaikum

Any one here

Ws

I am new and want to learn about pentesting

Need help

In beginning

#start-here

I just started two days ago on them

Thm

great. youve already started 🙂

And I reached to linus fundamentals but nothing is in my mind

take notes while youre doing the rooms

believe it is currently a bug

how to get these badges ?

Who you gonna call?

https://tenor.com/view/ghost-busters-who-you-gonna-call-entrance-gun-proton-packs-gif-5407839

i completed most of the soc rooms

i completed the rooms but its a glitch

Lucky for you there are rooms for that here on discord

#1333993673381253162

i reported it previously but no one cares

i also reported that Aurora is not working in SOC L2 path , license is expired

it was even mentioned in writeups

have you tried emailing?

@warm kettle

i also reported this #1434184644961763368 message

if there is a bug, best to email thm

ok

Good morning @marsh lark

Keeper of things

keeper of things lol

its a feature

https://tenor.com/view/sleep-will-ferrell-elf-how-did-you-sleep-last-night-got-a-full40minutes-gif-10508562

https://tenor.com/view/good-morning-im-awake-gif-20635386

Never ending pathways

Hi folks

im experiencing the same issue

I believe you

Can someone hack my main Roblox account? It got Hacked for stupid reason

no. contact roblox

I did but its always a bot responding me

No one will hack it for oyu

I hate Roblox cs sm

Then stop playing it

hacking a roblox account is illegal. illegal activity isnt allowed here

gm::all

Done!

no

hmm

hi

no one is there

im here

hi

hi

how long you have been in this server, i am new here and dont know anyone

a couple of months i think

oh i see, then you also have experience in cybersecurity

not professional experience but ive been in the hobby for many years

yo 🙂

ok , well then according to you which path or roadmap is best on thm and for free

hi

no paths on THM are completely free

https://tryhackme.com/resources/blog/free_path

except for this one ig

this one was created for free users, but in the roadmap on THM's site, no path is completely free

but i am not a complete beginner , i wanted to learn networking and i already have some knowledge @sturdy sequoia

then you can just skip the rooms you already know or treat them like a refresher

any other room, which are free or can help me better

Not in particular. Just search around the site

Instead of paths look around for modules*

ok

Hey cybersecurity people

It's a good day for infosec

My fav biscuits

Lmfao

Reminds me of Windows Vista lemon lime soda

Wait I never saw that

Damn

hello

i am new

Hi new i am mino

xd

First of all please go read
#rules

Then to start u can go there
#start-here

I want some so bad

There's also pics of Windows 95 soda out there

@stone irongive me a minute

i will set mic

i am not using mic

so its bad

i am new

Hi bro

If I found a website, that on the register, says "email: value must be unique" is that input validation vulnerability?

if your sever is offline then the malware are attack

@ruby mango look chat

yes sir

i will learn

ill subscribe to try hack me in a month because rn i am already in a coaching after ive done their course

ill subscribe

No

But u should test how the website checks the email in its database

U might find interesting things

Oh no, not input validation but it's possible to enumerate email addresess right>

depends on what it means by value

if what I'm understanding is correct, if you can bypass rate limiting (or there is no rate limiting), I guess you could enumerate email addresses

Just enumurating email addresses is not a big deal

What if it's staff?

Staff email hmm....

Is the login page related to admins?

Or just normal users

No idea, can't see any admin area but could be a subdomain i suppose

is this a THM room? or

No, a website I found in the wild

That is not for this server

does it have a bug bounty program?

Do u have a permission

???

If its in the wild its no permission

In the wild means no

true

I didn't do it on purpose though, I double clicked and it popped up

I mean it may have some bug bounty program or anything ofc he doesn't do illigal things right...

Oh no then leave it don't test more

If you cant leverage something besides a promt that tells you that value needs to be unique.

What are you thougts here?

Dont be that person that repots a burp scan that is tentative

Idk I just thought it was interesting cos most websites have it so you can't enumerate any user data.

Nice tag BTW

I haven't done any scan or anything and I'm not going to

Great

If it was me I probably would put on a dark grey hat in that case.

but that is not a convo for this place 🙂

Hope on hackerone - bug crowd and do bug bounty for them and wait till they close ur report as a duplicate

Just thought it was interesting that a website has that. Most of them have an error that doesn't display that an email is taken

You are not allowed to

But some pages are old and still have bad setup

This website is from this year

So the domain did not exist prior to 2025

I mean, technically, can't you enumerate emails anywhere?

Well not entirely sure but i'd say alst couple eyars

Don't most websites have another error that doesn't say that the email is in use though?

you are just pulling things out of your hat now.

I am not even sure what we talking about here, that the website have a flaw that tells you that this email is not in the dB?

if its in use, then you figure out that email exists lol

If the site is breached before and it has this problem it could be a vulnerability

Idk I just swore I'd seen another "error"

what up

No it's the reverse it tells u that this email is in the DB

Exact;y

So you created an account

I don't think I've seen that on a website tho not written as it is anyway

I am gonna change distros soon do y'all recommend moving my projects to a flash drive or putting them on a private repo?

both

lmao

Both

What's everyone up to anyway?

nothin much

Studying algebra

1 or 2?

I am in grade 9 so it's ez tbh

same lol

what if you loose flash drive

Always both

Yep i thought of that too

Thanks
@narrow yew
@marsh lark
@weary veldt

Gave +1 Rep to @narrow yew (current: #301 - 30)

Gave +1 Rep to @weary veldt (current: #341 - 24)

Gave +1 Rep to @marsh lark (current: #24 - 421)

Goodevening ladss

yoo 🙂

I just go with two cloud services for backup. I dont even have anything fun to backup. Just crap that I can sort out

Haha

Bro Attacking AD is fun

any idea how to solve this task

OWasp top10 2025

insecure design

Send room's url

https://tryhackme.com/room/owasptopten2025two

actually, I'm stuck on software supply chain failures

how'd u solve it?

😄 haa same

so skip that for do lastly but again i stuck in insecure design

ah lol

did you complete insecure design?

nah

let me check it

yeah

Alr i am reading it now

okay

Good morning everyone

Morning Miss

Hello Malware girl

How are ya guys @ornate wraith @narrow yew how'd ya sleep

The site is only html wth

Home and css

Html

https://tenor.com/view/chuck-norris-thumbs-up-approve-okay-ok-gif-14524409

Slept pretty well but with a little headache which i managed to get rid of

BurpBurp

Insecure Design?

Bahaha

Y'all are so nice. I wish I could make you all some pancakes

tried burp, idk how it works lol

I can make post requests

Claude AI knows how it works

but idk from there lol

bruh ahhahaa

yeah i analysis the page source but its contain only html and css even button not linked to any source

tell me hehehe