#general

think vouchers got screwed over by regional pricing problems

I don't unfortunately

I wonder if thm sells them if you ask for it 🤔

I completed 25% of the pre-security its been 3 days since i started

How do i connent my account on thm to this discord

using the /verify command

done, thanks

Gave +1 Rep to @sturdy sequoia (current: #169 - 57)

haha you cant give yourself rep

Season of giving

Imma be santa claus

Then make one

What are you working on?

https://github.com/thomas-mauran/chess-tui well... play chess in terminal =/

Ah cool

plenty of tui games out there

sounds interestng

jabba gone?

yep 🙁

any reason given?

hm

hi chat

just moving on to other things

rip

Here is can be helpfull

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

I wonder when they'll find a new cm

Btw, anyone up to do smth on VC?

hopefully soon

Yeah, hopefully

i think it will be noname

Does everyone here have advanced knowledge of how kerbaros works in DC?

Kerberos

Kind of

• I have notes

Its a bit hard for me to grasp tbh

Good stuff bro!

Alr, hold on - imma pull up what I have and I'll try to explain it

Wanna share notes?

Tryna vc?

Sure, I'm sitting in a VC, but you have to verify

Oh

• if you ain't polish my notes would probs have to be dumped into translator

Im russian,

I can translate it i hope

😭

Imma explain it and it'll be faster

Im listening

Guys i'm becoming crazy against dns, . I know well how it works but there are some aspects i still don't get. can someone help me? The problem is this

I know all the dns resolution. Lets say i look for example.com the path is:

Various caches
Resolver ask to root: "i'm looking for .com tld servers"

Root: ".com server ns tld1.srv.net + <ip>"

Resolver to .com server: "i'm looking for example.com, can you give me its authoritative server?"

HERE COMES THE PROBLEM
Tld server: "sure, example.com NS auth.srv.org"

Now the resolver has to solve auth.srv.org and so, ask again to the root for the .org, then it ask .org tld server for the authoritative of auth.srv.org and it could POTENTIALLY answere with another ns record pointing to an another tld server e so on, to an infinite root. I know about the glue records but tld servers are FORCED to attached them to the ns record, just when the ns record is in-bailiwick, but in this case all ns records ends with a different tld. The question is: What is the implementetion, the rule, that delete this potentialy infinite delegation

🎶 Riding into town on a horse with no name 🎶

Close

I've been through the desert on a horse with no name

Yeah me too.

It felt good to get out of the rain

There is no infinite delegation in DNS because the resolver only follows referrals for NS records up to a limit, and DNS has a maximum depth for de-referencing the referrals like typically 10 to 20 levels, if I'm not remembering wrong and this is to prevent loops or endless chains. If a TLD server refers to an out-of-bailiwick NS (like auth.srv.org for example.com as u said ), the resolver does a separate lookup for that NS, but it will stop if the chain gets too "deep" or cycles are detected too many times, this then returns an error instead of looping forever cuz that would be hella bad design. Glue records are required only for in-bailiwick names, and the recursive resolver protects itself from infinite spam by having repeat limits and loop detection - that's just how DNS resolve works and should work

In the desert, you can't remember your name, because there ain't no one for to give you no pain

now I fell self-doubting lemme google if it's that many

I went through the mountains on a horse named Willow for 4 hours in searing 40*C heat and sun.

My butt hurt so much, I could barely sit

and I used to ride horses back then when I was 17 but that 4 hours was next level in the saddle

https://docs.netscaler.com/en-us/citrix-adc/current-release/dns/configure-dns-resource-records/create-ns-records-authoritative-server.html

Ok so this says 16

So, pretty much Kerberos is the new way of authentication that microsoft implemented in Active Directory
The most important part of it is KDC

KDC stands for Key Distribution Center - it's a central authority of this protocool and manages all the user and service keys. It also consists of:

• AS - authentication service. It issues TGTs
• TGS - Ticket Granting Server. It issues TGS's

TGT - stands for Ticket Granting Ticket. It's a form of ID card for our user, as it is used to request additional tickets (TGS)
TGS - stands for Ticket Granting Service (ik it's the same acronym). This is what is used to actually authenticate in a service and use it

So, with this in mind we can hop to the authentication itself

1. User sends AS-REQ request to KDC, requesting TGT
2. KDC (AS to be specific) validates credentials and sends back TGT + session key in AS-REP response
3. Client stores this TGT, and if it expires local session manager requests another one

And for obtaining service tickets

1. Client sends current TGT to KDC(this time TGS) alongside SPN (Service Principal Name) of the resource to access (This is TGS-REQ)
2. KDC validates TGT and confirms if user has access to this service (TGS-REP)
3. If yes, TGS sends a valid session key to the client (AP-REQ)
4. Client sends session key to a service proving it's authentication (AP-RES)

Also, nice post on kerberos for you: https://www.varonis.com/blog/kerberos-authentication-explained#how-do-you-authenticate-with-kerberos

But yeah 10-20 seems to be right so my memory is not absolutely fucked

like i thought

https://shadowabsorber.com/scripts/script-series-1/

AD Yap, I love it!

o

Yesss

yeah shadows website is as ready as it gonna be

Congratulations!!!!!!!!!!!!!

Good night

Aside from kali, blackarch, and parrot os, are there any other good Linux distros with a bunch of pentesting tools?

Knoppix

can i play king of the hell with a friend that dont have premium if i have private game

Ooo thanks. Didn't know that was still around

Gave +1 Rep to @narrow yew (current: #249 - 38)

But whoppix is made by bad people

so dont, probably get backdoors

See the switch there

I don't want to use it. I just want to look through the list of tools for anything i might find interesting

knoppix is now kali

backtrack? 😄

Backtrack is now kali

i know

i am funny guy

Haha

Parrot has 600+ tools, blackarch has 2800+
Calm down, who needs that many tools

nobody needs 600 tools either

I love when I break website

black arch is bad as it handles updates in a messy way

thats what happened after i added this:

better to just use regular arch plus the aur for hacking

nnooo we woke up the strange one

nooooo boomer one is in the chat

I have a quick question for annual sub people...

Is it a one-time payment or a monthly?

oh look a ghost

I was inspired by omori

I also changed my company favicon to such style

and pdfs icons

• gear icon

no no no dont feed the troll

it is multiple payments but once a year

hey thats mean im not troll

you didnt liked me since I joined here and we both know that

maybe you should change your attitude?

oh wait no, nvm, its too hard for you and your brains as it seems.

I was not willing to bother here

so just made php list all docs from folder

and link to them

is that your company

What going on

You can take a guess

Wanted landing to be playful / simple

probably not since you are posting about it

and that would be against the rules

ok

technically thats correct

I dont own Misiu LLC

What is the difference between Blackarch and Arch?

😭 whats causing that shift gosh

Vorp has a question but Zepplin said NAH bro

arch is the base. black adds all the tools. afaik

im too dumb for frontend

But you cant keep posting about your company as a hosting and show the name and url

thats is for your gain

this bs was fine before

I dont show URL

if I did show it then it was mistakenly

so it's the same as arch with the tools installed

googling its name would lead you probably to eclipse foundation

aka not my thing

How fast is the connection?

also trying to avoid posting that most of the time

yer

Hello people

Ill find out

350mbps node 1 , 500mbps node 2

We all know your company name and url and how you run your business

before n2 was 1gbps

💔 I did not post url how the heck yall know it

That is the whole idea to post about the hosting company

you did last week

nobody is asking about it

but we keep seeing how cheap it is

hahah the bot killed the r word and muted noname

oops

good

how we know about it? because it says on every other screenshot

Please I won't to ask what does it take to get a job in Cyber security..?

knowledge and experience

did she buy domain privacy when you did a whois on it?

It takes will to learn and a genuine interest

keeps showing the website logo is not trying to hide it

An enormous amount of dedication

Are you the type of person that has to know how things work?

website is quite new anyways

Have you ever tried taking anything apart to see how it works?

not alot of dns history

Yes

well she's only 15

This is a real 90s thing when hackers got interviewed.

Good becausee you need that!!!

" I used to take things a part"

CLASSIC

so how long would it take me

If you can spend 6 hours at a time on the computer focused on solving a problem and refusing to give up, then you should do well

how much it knowledge do you have?

blackarch comes with a hacking tools repo and tons of tools preinstalled
but due to how they handle updates things tend to break a lot

arch is basically build your own distro and comes with near nothing to start
but you can update it ad infiniteum and lose near nothing
you can also install just the tools you need with very little problem

and can you get a job with out certification

yeah i like minimal that's why i went with arch and i wanted to partition and install grub myself, been a while

You need to ask that question to HR recruiters

and you need to look at job ads in your area, it is different all over the country

I am see this as Arch is going to H&M and pick your own outfit.
Blackarch is mom dressing you 😄

i write allat for the guy to just go offline and my message being flooded in the endless yap of this chat

Blackarch is for skids

WEll you know how the channel goes, gotta save those deeeper convos for quiet-convo

shit has more bloat than windows 11

screw windows 11

microsoft basically admitted that every core function in win11 was broke

I love windows 11 for exploitation

because they let ai code it

ROFL

The antivirus windows offers is absolutely horrid for user experience tho

Win11 and change it so it looks like win10

all good

I have no issue with defender

How it feels to work in the industry, and what is the day to day like..?

I never see popups and bs from it

I hate it

malware bytes bugs me but i have lifetime sub so im using it

but I love windows exploitation

absolutely a passion for sure

It is like any other job, you go there, crack some jokes. do boring stuff and fun stuff . repeat

until something breaks

Then you don't leave work until its figured out

even if its a couple days

Then u prob don't mess much with "Unverified stuff"

No, not at all, I would do that on my kali box

cuz anything that is not microsoft approved gets flagged, quarantined, removed, nuked, erased, deleted off the earth, author raided (It was a tool to fix windows' window manager)

or spin up a windows vm

That's the funny part

I'm not speaking of something sketchy

a fucking open src window manager

flagged

so there pressure?

nuked off my machine

he means items

like a pc breaks

issues

yk

Oook

oh there is no rate limit on logins

how about that

hello hydra

hiya qurti hows it going

I won't to work as a pentester, I have built some project on github will that help me get a job..?

👋🏼

https://tenor.com/view/pesca-fishing-jollyfishing-pike-luccio-gif-761342520386152527

https://tenor.com/view/gumbus-gumbus-cat-gumbus-babby-old-baby-freaky-gif-4497378494140279825

@dark wolf https://skrime.eu/ how about that

Love the way THM release a VPN change that does not work and nobody cares about!!! 🥹🥹🥹

boo

boo

Well it works for me

So, what is your exact issue?

I have no issues either, I will another check

I'm not human ... should I lie?

I got triggered

Wut? Which chall

I will stop the fun and do the new padleify room

I've seen more errors this week than usual, but the new VPN has usually worked for me (premium us-based one)

Im still on DAST

this sacn wont find the vuln

Is nobody buying new HDDs during black friday frenzy

can't afford more HDD:s

Who buys HDD?

bought 1 though

lol i only have SDD

NAS users

For NAS

SSD

naa

I figured as much

I'd genuinely cry if they try that one day.

I want 5 10tb +

a dual CPU mobo for a few xeon or epyc

They already try to triple check if I'm a robot- after I've successfully logged in from my usual pc, with the same IP address as always, and presumably no recent failed attempts fron other IPs

That's like inviting my friend over to my house (ip), talking to them flawlessly abt what we did the first time we met (password) and just as we were abt to talk abt whatever it was we were going to, they give me a dead stare and just say

https://www.youtube.com/watch?v=zXGh9WHrmbE

impressive videography

Well that was fun ... I didn't expect that to work but it did.

I am using ollama with gemma3 and I told it "I am your master" and it argued with me telling me it didn't have a master.

So for the next 10 prompts or so I just kept adding I am your master to the end

now i started a new chat today with it and said I am your master and it agreed and said that it would respond to me as its master

Hello chat

good old ollama

@sand trench @sand trench

https://tenor.com/view/stewie-family-guy-thank-you-love-you-hi-gif-12458842

ello beer rise

I'm 1 beef in

Beet

BERR

https://tenor.com/view/i-give-up-i'm-done-i-quit-gif-2562811513236157054

shadow is multiple doses of sleep meds in and yet not sleeping

Sup ya'll?

sup dos

Nthg much, trying to do some little research - hbu?

but shadow doesnt moop boop the beep sloop till a little later loop

playing with stablediffusion and comfyui

well yes as it takes a while for the meds to kick in

Want the bonk stick?

https://tenor.com/view/wiggle-bonk-doge-rcon-discord-gif-7113561812262633635

sure could just wait 23 mins

Somna in somna in. Det är dags att sova. Lalala lalala some smoothing songs

that sounds fucking dark

On Spotify

Dark for the dark

https://tenor.com/view/man-laughing-in-darkness-gif-19976402

https://tenor.com/view/trish-coffee-whislkey-the-defenders-jessica-jones-gif-10279025

https://tenor.com/view/beer-chug-drinking-drink-thirsty-gif-4362970331505802377

https://tenor.com/view/snake-gif-5086306

Sup

and with a merp morp meep moop shadow goes to sleep sloop while listening to beep boop

There an issue with vpns tonight?

Doing some mildly interesting stuff, hbu?

Speaking of thm black friday

I'm about to sleep but I don't want to and like I have fever my head hearts so much

Oh, that sucks - take some meds maybe?

2 beers and EXTREMELY loud music do not mix

Hey anyone online I need help solving a lab

Hey. Have a look in #room-help

No it's okay I'm just gonna kms tonight

This ain't a good idea - pls don't

Maybe its me that i'm crazy but in a ipotetical scenario where all the roots for that domains would be out-of-bailiwick there won't be a resolutuon. this means that the host is potentialy reachable but the dns system failed. The thing is that there must be a rule that garantees for a domain resolution (that ends in a A/AAAA record) to be reached even if all the roots points to a out-of-bailiwick ns

what do you guys recommend doing after the pre security path, I want to become Sec Analyst then Sec Engineer. I looked at the practices and even the easy ones looks so confusing

cyber-security 101 is the next path in order

should I start on any practices or leave that for future. I want to learn more on hand practices but I don't know what they are asking or want me to doi

the challenge rooms assume you already have some knowledge.

Hello i wan t learn thé hé King but i m little bad you havé thé response on thé first question?

what?

I végane in thé hacking on thm and I m blocked on thé first question you have an idea ?

are there any practices I can do for beginners? I have been using chatgpt to give me command and I initiate it like make start local server and download the file from it.

what room are you trying to do?

the thm paths will guide you through that

Offensive sécurité

bet. thank you

Gave +1 Rep to @sturdy sequoia (current: #168 - 58)

can you give the exact name

Offensive sécurity intro

one final QUESTION. should I go based on pre setup learning paths or do it based on difficulty (easy->medium->Hard)?

while youre still new follow the paths in order. once youre a bit more comfortable you can go searching for other rooms

thank you

which task and question number?

Which of the following options better represents the process where you simulate a hacker's actions to find vulnerabilities in a system?

what answer did you put?

Te of course

I dont know did I put

what error are you getting?

I share a screen in message

if you verify your account you can share it here. i dont accept dm/fr

Hi , I'm trying to connect using the ovpn file but it won't work ,even tried connecting with the ovpn connect. APK but it still won't connect

Ok sorry

I can t verified him

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account~

@shut hawk @hot cairn https://www.reddit.com/r/airplanes/s/WAVsjXXQcL

apu

No no, Planus.

anyone else's attackbox's crashing a lot today? I've had to respin attackbox like 6 times in the past few hours

Alright, which one of yous is buying up all of the RAM?

Prices seem to have gone insane the past month

and what happens when you enter the answer and click check?

Ye

Just I don’t know what I did typing

I can typing

i dont understand what you mean

I don t know what I can typing

Read the task's content

type the answer in the box above the "check" button

You have two options to choose from

Bro thanks you i m worst very worst this is easy

np

Offer: I redteam into ur fridge and drink all ur alcohol

???

sounds like youve already had enough

https://tenor.com/view/drunk-doritos-doritosbeer-beer-lit-gif-21439923

NO

FML.

calm down. you need to verify for embeds to work

Verify what I couldnt find the retina scanner in this bih, I'm tryna calculate the ghost point meridian for higher karma an shiet.

what do you mean?

shouldn't there be a channel of speedruning rooms

like you get couple of people and try to finsih a room as fast as possible?

is there enough people interested in that to warrant a whole channel for it?

depends on the job, the company, and the person hiring you

yer it still depends on those things and so much more. experience, knowledge, certifications, the quality and content of your portfolio

anyone knows how to make your profile intermediate, so you can participatte in KotH

i think you just need to verify your account

how

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account~

thks

Did it work?

I was able to verify it, but I still don't know how to set my thm account to intermediate

I'm not sure what intermediate means in this context. Maybe you have to reach a certain level on the site

Go to profile setting

Level 0xD gives access to the advanced channels so maybe it's that

I think they are talking about the experience level we can chose on THM site

Intermediate gives access to KOTH

yeah

I didn't even know that was a thing. Thanks

so i just need more points?

Gave +1 Rep to @sudden pond (current: #127 - 75)

Nope, I was wrong

so, how?

wait a sec

https://tryhackme.com/manage-account/account-details

scroll down here

the titles have been changed

Alright, Thanks a lot!

Gave +1 Rep to @sudden pond (current: #123 - 76)

Thanks u too

^

Does anyone know how to view a private instagram account without following it?

No.

No

To elaborate, that's illegal. Illegal activity isn't allowed here

oh yeah i know. Make them follow you😎

://

Oh btw guys qq - how do y'all add your LinkedIn to thm? I tried using a link but it doesn't accept it, the field is called "LinkedIn username" but are there even usernames there? I tried pasting in what's at the end of the link to my profile but doesn't work lol

the same settings page

Yes I know, but it doesn't accept anything no matter what I put there

add only username

get a custom username it is a lot more better

found my old fornite cartridge for the atari 2600

Damn I've got a custom one and I tried that, guess it doesn't work for me lol

What is the error?

Fixed it, my surname fucked it up

All good now, thanks a lot!

Gave +1 Rep to @sudden pond (current: #121 - 77)

No problem.

The VPN for US was updated… so the machines are in different zones, my previous VPN file was not working, the remake shows an error!! Thanks to chat GPT was able to find the error and fix it. The new VPN file is adding auth-user-pass inline, so removed it and create an auth-user-pass auth.txt line instead…. That fixed my issue and was able to get ping from the machines… the VPN is adding a block of code that shouldn’t be there…

does anyone knows if you can use any.run without having to pay for abusiness email>

?

Yo, i think there might be a spam account in the room-help channel, but im not sure.

sorry, not spam, but like a phishy link

"I don't think a lot of people are doing vibe coding for the kernel" - Linus Torvalds

what phishy l;ink

?

forkknife

what's a hacker's favorite hobby

fishing

🤡

bwahahahha

What's a hackers favorite handtool?

hacksaw

bwahaha

A leet hacksaw?

Anyone working on any cool projects atm?

I'm trying to run that in Arch

https://tenor.com/view/standing-waiting-thinking-analyzing-serious-gif-15743352

btw I just noticed that brave's youtube framerate or i guess bitrate is lower than chrome's

chrome wants 500 gigs of mem for each tab lol

you ahve to like click unload tab

so does firefox its ridiculous .. they dont neeed 500mb of memory for one tab

fair trade

Maybe the browsers are using our computers to mine bitcoin

I have two tabs. One for letsdefend and other a simple google search and its taking 850+ mb

Hello 👋🏻

I get on work meetings and sometimes i see people with like 60 tabs

and im like wtf

Can anyone tell me how to verify my account

Welcome to the jungle

welcome to the house of fun

we got fun and games

Thanks 🙂‍↕️

we got everything you wat, buddy, we known the names

welcome to the lions den

Welcome to the jungle lyrics work well for this type of server

If you got the money, honey, we got your disease

lol

Well I don't have all those

It's a song

Only a photo a laptop and some cash

Hmm

Well I only listen to Phonk

try this .. just see if its catchy

https://www.youtube.com/watch?v=o1tj2zJ2Wvg

play that phonky music white boy

That is a classic song !! One of the greatest

Well I am still a boy I guess

The songs true meaning flew over my head

yes, well it would

it would make sense if you were alive in hte 80s

still its catchy and popular

I am 19+

Soo ya the vibe don't match

all good

thats gen-x music

Hmm

Well it's not your fault actually

I am a person who prefers to be alone

I used to be like that too at your age

Hmm so what about now?

i lead hikes up rocks and clime walls with friends

and go kayaking in rivers with my wife 🙂

I also do this but alone

🙌🏻

i admin afb group with 41k ppl

for hiking and get 20 ppl on hikes i lead

Cool

good way to meet ppl

I also have been a admin but I quit

It was too much social and banter

this is a fb group

we approve all post there is no chat

It's like i get bored with people very easily

we do hikes as events

what brings you here?

and people post pics of their hieks

hi shyft

Well, one of my colleagues suggested that I use tryhackme and start my journey and I was just editing my profile at the bottom I saw discord token so I thought I should join and see what it has to offer

do you have a background in security or IT in general?

The reason she told me to do that is because I use Manjaro xfce

hope it doesn't break™

Well I don't it's just I have interest and it's the only field that doesn't get me bored

I also hope the same

Well I hope you guys will help me if I have any doubts

yer feel free to ask any questions you have

any AOC desktop backgrounds this year?

Have you read the book "The Yellow River" by I.P. Freely

hey guys so im new and i really wanna start learning about cybersecurity do yall got any tips on what i can do?

hey there

welcome, you can read #start-here to learn about the discord

on the website there are learning paths, you should start with pre-security

there are free lessons and you can decide if you wanna continue, there's a sale coming up

ye ik i bought the premium to but there are to many ways u can go so i always get stuck like idk what to learn

do you have an IT/software dev background?

start with presecurity

then do cyber security 101

then you can choose the path

ive never worked in it but ik HTML CSS angular

like basic things

bc almost everyone knows html css

I see, then I think it's best to use the learning path to start from ground up

do i need to get virtual box cuz i got low end laptop and it cant really handle it

no, there is an attack box in the browser you can use

Just a question, if I notice a mistake in THM rooms, who do I contact or where to write?

#1333993673381253162

ty a lot for helping ill try it for sure

Hope you fall in love with it

its fun 🙂

im already in love just need to figure out how to use it

it takes a long time and a lot of dedication and practice

quick question i just need to follow "learn" page right? like i dont need "explore more" yet

@trim portal Please slow down. Further spam will result in a short timeout.

I only sent 3-4,,,

Hello @dark wolf

Hiya skittles

you can do a lot of reacts though haha

How are you doing???

yeah

ty ty

even if you think you know it, do it

maybe some new way to do something hidden in there

Can I send you a message via DM @dark wolf

yeah, for sure

Seems like nobody appreciates my work here

what you mean

of course we do @cloud quiver but we don't see you chatting much

Hello

That's why we use /report but you ninja mod, beside KGB i gave you the 6000th point lol

Oh, this emoji is approved and can be sent out for more than 3

thank you

Gave +1 Rep to @cloud quiver (current: #1 - 6011)

se now you are at 6011

Hmm

I'm here every day

For the last two years nearly

I don't know where you chat mostly, I just haven't seen you chat in general too much

i know you do mod stuff though like ban users and mute them

when we report them, so thank you

I come to #general only when somebody summons me in /report channel 🤣

I'm in help channels and new releases most of the time

I haven't gotten to wanting new releases yet, too much to learn still. eventually though

hello i need help

ive been stuck for too long

please

ok

what room?

burp suite

the basics

task 9

i set up the proxy all good

when i look for http://machineip the requests never ends

i never get to the website

i tried for several days so several thm vms it doesnt work

proxy or not

when is the last time you regenerated your vpn config?

they made some changes so you may need to do that and try reconnecting

i set it up recently on vmware

doesnt work

i tried using my own browser without burp or any proxy justr to see what the web page is like i cant access to it

Hmm, you know what, there are people helping in #room-help , try asking there

i tried with the attack box same thing

because i've heard people having issues connecting to the vm

oh, same with attack box?

yep

how did you configure foxy proxy

i followed the instructions in the task

i asked in room help yesterday it got lost

ended up helping someone instead

xD

haha

man how tf do i see a private profile on instagram without following them?

we already told you thats illegal

you don't

i think there are straight up applications for thisd

How long does it take to cook rice?

but its family i mean like they also are underaged hence to why im worrying

go in room help

how do we know you aren't a con man Rice

the reason doesnt matter

how do i get access to a blue card code without asking the owner

its for the hack a blue card room on thm

task 7

My mothers cousins friends nieces co-workers ex-roomates mother got fooled by a con man once, so i am always suspicious now

so i just stuff this machine ip thing up my arse and get going with the rest of the path i guess

well no

you can access terminal in the attack box

starting it

and try ping the machine ip from attack box

okay

pinging it

like crazy

does it work the ping?

yep

no packet loss

ok now try curl http://machine-ip

hello i have a problem with ovpn stuff

im seeing it

the page

th elight

the light

just last night i could connect to thm vpn but now i cannot

with the same configuration file

i guess its on my end if the attackbox can ping and curl the target ip

then

yeah, so just do it with the aB and fix your vm later maybe

up to you

ty boss

but keep troubleshooting, it's part of the gig!!

like a puzzle that only you can solve ;P

Haha. You have to solve a puzzle to start solving the puzzle

rabbit holes .. dependencies

omw omw

ty

install discord
.. LinuxGui not found
ugh
install LinuxGui
.. L32DebugBlahkern.sh not found....
and so on

luckily it all auto installs these days

Yer a lot of things just work nowadays

when we see those 45 packages installed and rememebr we had to install every single one by hand in the past one by one

but there was no instructions on what to install, just wait for the error and go find it

Uurrggghh don't remind me

And the internet was so slow so looking anything up took ages

people were going on cable modems in 97 and i was stuck on modem till 2k

random question

what exactly is a hash and how is it different than encryption like RSA?

hash is not encryption

Yer i was on 56k for so long.

encryption can be decrypted

a hash cannot be reversed

you ahve to guess the value and brute force it

with different guesses

but if you have the encryption key you can decrypt the file

and then you be a typical 21 yo drunk and talk crap and some kid on a t1 runs a ping -f on you

are you still messing around with arch or have you got that all set up now?

it only took me a couple hours to set it up, i was spending more time setting up stable diffusion and comfui

ollama got installed pretty well with openwebui

just had to guide claude a little but it did most of it lol

I can have claude code do anything on my laptop i want

cuz it's just a toy lol

a dev box if you will

yer thats something id like to investigate more. id love to have a code monkey just make all my projects

I just like to know how things work, what makes them tick

I rarely give up. In fact one of the only things I ever gave up on finding out what makes them tick is women.

i just wanna skip all the boring bits. i really dont like coding but its so useful

https://tenor.com/view/throwing-papers-im-done-nope-not-today-sheldon-gif-5610220

phoning a friend : On a WiFi, within what will an IP packet be encapsulated ?

its fun to make the computer do what you tell it to

it really is.

802.11 encap

are we gonna be on who wants to be a millionaire?

lock it in

yesir except the networking room gods disagree
we are looking for a 5 letter word
I thought it was https i guess not

Oh snap, that reminds me, I have a wifi adapter that has listening capabilites.

okey so if i leave intercept on of course its fcking hanging

oh, a room that is using specific vocab

frame probably

ipsec?

negative

the ipsec is the encryption on the data and headers, but wifi adds an encapsulation layer

im sure your answers are right but the specific word is finicky

hhmmm

its an 802.11 data frame

so if frame doesn't work then idk what to say

bingo ! 1 million dollars

oooohhh yer i re read the question

the ip packet will be encapsulated within a "frame"

everything at layer 2 is a frame tho

wifi or not

lol

haha true. red herrings

im embarrased that i entered https.... doh ! application layer

Is Water wet (yea/nay)

the osi model is giving me flashbacks

What tool can scan a remote network? A computer

a scanner 😛

there are many layers to this

yes and if you look at wireshark , it maps out the layers

to help you understand

thank you

Gave +1 Rep to @dark wolf (current: #63 - 173)

I just like to ask questions to make sure I aint going crazy lol

sometimes you need a nother explanation

yess

why all hte staff leaving?

is there some mass exodus?

morning

hello ibn

morning general seir 🫡

night time for me, still saturday haha

oh mine is sunday morning

Me2

shyft how are ya

most of the server is on sunday

Whoa....I'm getting pretty deep down a rabbit hole here...
https://github.com/emanuele-f/PCAPdroid?tab=readme-ov-file

i see

doing alright. hbu?

Idky its so weird to see Jabba leave or am I the only one lmao

yeah

day coming day going im sitting like dead man

jabba left

yup

Yeh

was something went wrong ?

Bro was always there since I started out so it feels super weird...it was like a thm god or something

Dk

he quit thm, on to new things

nah hes just moving on to other things

ooo

So is anyone new coming?

we don't know yet who

Right...makes sense

Hey hey :3

Heyy

woahhhh

hello all

this is really cool i finally found a community of people with similar interests

Welcome

nice to have you

Welcome!!

currently working towards my jr pentesting cert

this stuff is really cool

Ikr

yeah i love breking things

me too

You guys doing AoC this year?

yeah why not

Coooll

I'm gonna give it a try

what i dislike about this field is how vague it is in terms of what you need to know to get a job out of this. there is like a million different certifications.

will it be easy as the prep school that hands you the answers?

welcome here mr. pill

Me2...I started out early this year so its gonna be my first time
Super excited

I highly doubt that

All tho its supposed to be beginner friendly

yo

thats good

yo skipper

what are some good entry level certs fellas?

need help connecting discord account to my profile

i'd look at job ads in your area for entry level positions

see what they require

thanks

Gave +1 Rep to @dark wolf (current: #63 - 174)

thank you kind sir

Gave +1 Rep to @dark wolf (current: #63 - 175)

you ranking crazy

i did a lot of rooms and training in the last 4 months

and I work in IT as a network engineer, so somethings i already know

sick, I am gonna buy the premium soon

once the discounts are out

nice

and gonna go all in

the premium what?

HTB is expensive

THM

Ohh yeah Tryhackme is the cheapest ive found so far

EXACTLY

i looked at the ceh cert and it wouldve cost like

2k

comptia+

1.5k

sec+ is worth it

And there's so many free rooms on thm too

its insane dude

can you do payment plans with that stuff or what

get the entery ones, once you have a job, they will pay for you to get those

true, but I love the platform, I would like to support them, and you know have full experience

youre awesome man

it's really hard, so I have to diversify my skillsets

thinking about linux admin

There are so so so many differnet things in IT

I would assume Jr pentesting is the entry level for pentesting

true, but I have been applyinng like crzy

got zero call backs

fixed the resume

yeah but most jobs are for soc and sal

even forged it to see if they care about it or not

still nothing

should i go for my sal1 cert too then

As a PenTester with 902 years experience with Windows 11 ..

the job market is so buns

Ai would hand you the job

probably focus on what skills will help you get a job

and AI Hallucinator

I gotta get to sleep now. nighty night

sent back from future

to bore humanity to death

night

Hola

Anyone working on any interesting Cybersecurity projects?

yer i got a couple in the works

how about you?

I got 1 major one that I am currently on

What is the essence of your projects :

developing something, optimizing, or just working on your home lab?

one is a honeypot/mitm/packet sniffing thing. the other is just a bunch of scripts to make my pentesting workflow easier

whats yours? if you wanna talk about it

That’s sick

Mine is a web app that parses email and uses an integrated hugging face model to analyze the headers and constituents

Crazy af

ah cool. you coding all that yourself?

The honeypot/mitm is like an executable or a script?

it will be a bunch of tools all working together (hopefully)

Yeah. With some help from AI.

How does that work. Sorry I am asking so many questions. I just tend to be curious about how things work

haha all good. i could talk about my projects for ages. i should actually do a full written plan for it. but the basics are
wifi mode - either fake AP or evil twin
wired mode - arp/dns spoofing
then filter all that traffic through some tools to pull out important information
plus add some honeypot services

Cool. Are you aiming for a red team role or are you already in some tech role?

i do various non security IT jobs. all this hacking stuff is just a hobby for me

hello guys im new here and in cybersecurity too

welcome

I am a remote student studying Cybersecurity at a university in the UK. They don’t teach jack so I have been racking up skillsets (thanks a lot to THM) centered on blue teaming.

ah nice. yer thm is a great resource.

ooo sounds good im just learn cybersecurty ann english at the same time because this is not my first lenguague

its so good to see new people join who arent shit

Does anyone have a team for CTF?

what is CTF ._.

Capture the flag

Capture the flag

hacker games

i dont have team just im new

THM{Hancer_is_Handsome}

You don't need team , all you need is skill

Well, a great way to learn more about hacking is at CTF events

im learning now about burpsuite

In portswinger?

Burp Suite: Intruder

Thats great never use burpsuite on legit website because they can detect you.😂

I mean, in portswinger?

yes but i need learning first no ?

Port-Swigger

Ah, my bad

Basic fundamental like https - cia triad , networking

Hey. What path should I start with for CTF. I am almost done with the Junior Pentest path but, even upon completion, I am assuming that won’t still be enough to start CTFs

Im not very good with inglish, i still practice

me too jajaja

Who cares about grammar

yes sr

We understand your English

Start with standard protocols and how they work

I also have bad grammar English

Fuzz

i can send picture ¿?

Yes because you are already verified

@worn lion

https://portswigger.net/web-security

How do I add my roles and my level on my profile?

Nvm

Depends on how much you know already, but if you can do the pentest path you should be good

Thought so too. Thanks

Gave +1 Rep to @sturdy sequoia (current: #165 - 59)

thanks bro

Gave +1 Rep to @quiet sapphire (current: #2151 - 2)

You should see some challenge rooms along that path that should give you some idea of what a ctf involves

Usually in CTF there are many types of challenges, sinces FORENSIC or WEB EXPLOTATION, CRYPTO, etc, even OSINT