#general
you do NOT need to learn assembly
Assembly is only worth if you are navigating towards Reverse Engineering
Yes, assembly is very niche
Rootkit research and whatever
which has more priority ???
I study software engineering in the uni so I think malware researcher
Assembly is incredibly unuseful
which lang?
beautiful
Like what would you use it for lol , you’re not a caveman
then SOC analyst t1
not true
learn Python you can use it pretty much anywhere
Why else would you want assembly in Cybersecurity?
i have good background in python i need to do more projects
Just do code wars lol
I want to make this month just for languages learning and getting myself really good in 2 or 3 and for now I chose python and assembly and maybe rust as they said
uh really
imma go study before i make my roadmap even bigger
exploit dev in general, helps a lot to understand as it's literally very low level language and interacts with hardware closely, ofc advanced malware creation, buffer overflows, embedded stuff, and for low-lev optimization
To be fair, I wouldn't put much effort to learning specifics of language at this point, you have AI that can conveniently port from 1 language to another
the browser is saying I ran out of blocks and making me pay
You’re not getting really good at 1 language in a month, let alone 2
just rev engineering is not doing it justice at all
what ??? sorry can i get some screenshots ???
just come to Dms @austere current
python you can learn in a month
Okay yeah, exploit research and reverse engineering, I wasn't going that niche, but that is true
simple
You’re not getting really good at it
C first then Rust for cyber security, you will need to backfill C knowledge later for low-level work if you go with Rust first
Or if you are going towards ICS/IOT security
I know python, C, JavaScript very good already and I know all the computer basics and how it works and all that, do you think it's still hard and I'm just delusional 
you're going to be capable
able to write your own scripts for quick tooling
I'm very good at C already
python will be very simple for you as it's literally built from C
I think you are just delusional
then go with Rust, C knowledge can be learnt later down the line anyways
You’ll unlikely even dive much into classes during a month of learning
Be delusional or go home 
But doesn't python have those predefined things I forgot what they're called
I don't see this arguing here answering any question, so many people with so many opinions
I’ve pretty much finished everything on Codecademy for C JavaScript python and ruby, still wouldn’t say I’m any good at any of them
yes it's more abstract thus making it a lil higher level than C
100 lines in C is like 10 in python
But for tooling python is a match made in heaven
it’s working right now but it starts showing that like every 2 days. I can you the next time it shows that if you want.
Then what will I use C for?

what field are you going into Critical?
anyone passed the github foundations certification ?
Arduino
try changing browser maybe or something because ive been using notion for a bit and never had that issue
multiple things, you need to learn that things are not black and white, you can mix stuff and do same thing in a diff lang
I study software engineering in uni and I do cybersecurity for fun so if I combine them I get malware researcher
Lots of newbie devs got this weird idea that one lang is used for X and another is used for Y only
forget it
not sure where it comes from
Because it’s pretty much true ?
Yeah I know but like I thought languages are just for making tools, aren't they?
you will work in HR
lol no
I have an economics degree so I might just change career at any point
You can do anything with any of them, but they perform better in things
It’s just a matter of efficiency at the end of the day
efficiency can mean multiple things
yeah get that macha latte girl
Python is quick to write as so much is already made for you
get a deep understanding in Python, Bash, PowerShell for Cyber Security
C is the best for deep low-level knowledge, most things are moving to Rust or Go but C knowledge is always useful
but C requires you to build the foundation, but is way faster
Just tell me what I can do with programming languages besides making tools please
might just switch to obsidian. I heard it’s better for cybersecurity
a lot
everything.
literally everything
ye
bring this back
its just a note taking app. use whatever works for you
better for cyber ? what ? no its not its just completely offline and you cant sync shit unless you pay
Name me 5 things
???
that you can make with programming?
this is a lie
literally everything man
I have so much knowledge and I don't know how to use it, literally
your computer
automation
don't spread lies just because you lack knowledge
Yesss
which part ?
what language?
the entire sentence is a total horse shit lmfao
He’s just going to say everything is a tool anyway
- you can collaborate
- You can sync for free, their official page even guides you to do it
What I know currently so well are python, C, JavaScript, bash, PowerShell
You can make a car class and do funny things
Wait really ? this news to me
Whoever thought that PowerShell should run Base64 encoded?
For example:
powershell -eC cABpAG4AZwAgADEALgAxAC4AMQAuADEA
I want something cybersecurity oriented
yes really
You can port scan with python
Obsidian is very friendly to ppl working on their platform
you can choose to use their sync, or use syncthing or other system all for free and takes 5 mins to setup
I have a Wiki vault shared to all users
Collaborate you can with a custom plugin, you can even self-host the entire thing so nothing leaves your control
dont tell me its using other clouds like dropbox etc to "sync"
and all plugins must be opensrc
Nah I wouldn't recommend that, I give everyone read-only access using OneDrive
self-host
💪
If you give everyone edit and you both edit the same file at the same time 😄
It's gonna suck
ofc . . . what was i thinking . . .
idk my friend that the graph can help u know what to do in each scenario 🤷♂️
no it's not
it is because of compatibility
to prevent errors on some systems when using special characters, quotes, unicode text and multi line commands
using dropbox or wtv
not worth it ngl
just use the side bar for file navig
folder tree
or wtv
you are not using the graph tools when you got thousands of notes !!
Web Dev to understand websites on a deeper level
Automation with Python, Bash, PowerShell
Malware Analysis to understand sysinternals
Maldev to understand malware on a deeper level (make sure you always do this ethically and only on systems/devices you own)
I've only ever seen it used maliciously lol
its just a fun little gimmick
there is lots and lots and lots of things to do
you can have a page connect to another using [[
that’s what I was thinking 😅
That’s just how I enter photos
you can link pages in obsidian as well

Touching the victim machine
this conversation is actually making me cry
That’s what the concept of privesc is
Fun fact, today I saw a company's cloudflare DNS get hijacked and their website was redirecting to some funky malicious default landing page in google cloud, it wasn't even configured properly
And also I resolved an AiTM proxy attack to some website hosted on an apache server running AlmaLinux which was interesting
I reported it to Cloudflare
Hope it gets nuked
All I did today was refactor awful bat scripts
Goddamn phishermen man, ppl need to stop calling them hackers. logging in ain't hacking
that sounds really interesting to be completely honest though
Oh I hate batch lol
Getting more comfy with PowerShell tho
I fear our support partners are useless
Got me to refactor a ps1 today that took over a day to run before they stopped it manually
It had an infinite loop 😪

AI?
From experience, AI can achieve what you want, but only after you tell it off several times, get angry with it and tell it how bad it is
I believe there was a study done that if you are mean to AI it actually gives better results
or the popular chatbots, not actually AI
People joke about how much I use AI for, but I'm probably the one AI hates the most, and I have the most distrust in it 😂 I ask it to prove everything, give sources for everything, and if it ain't got a source I assume it's wrong
true it was conducted by Pennsylvania State University
Kept tripping the firewalls today trying to test some XSS
Yeah, dunno why but they released an update that makes it just want to please you, I think they reduced this and people complained so it got reverted and now it's awful again
that is what prompt engineering is for 
Hit them with the Debug_mode: see it freak out
oh yeah what model does your in-house use?
I think it’s just ChatGPT
Even then, and I have massive prompts, it gets it wrong. If I say it in the complete opposite order, it changes its answer. I'll have to say something like: Is this NOT possible, or is this possible? If I think the answer is possible, I'll say, it's definitely not possible to do this right? and it'll be like yep
I wasn’t involved with it separate project team
ah fair enough
I heard Perplexity Pro is pretty good, on a technical level. I've always used ChatGPT Plus so I won't be switching
It's weird how more context gives you a better answer but if you give it so much context/data it just messes everything up
at the end of the day AI are just LLMs they're just doing their best at guessing the next word
I only use ChatGPT to generate tinder and hinge responses ngl
We have different uses I fear
token limits, once you give it too much it will just keep the things it considers most important
a lot of the time it doesnt keep a lot of details, you will have to remind it 100 times
Makes sense
interesting usage
Would putting it all into a single txt file work around that?
I remember back in the day prompts were so limited and uploading txt files was the workaround lol
Bumble too
if you have Pro and have a very long chat where you notice ChatGPT starting to forget things, just tell it to condense your entire chat into a single batch output then send it back to the model, then keep using it as normal
not exactly that, its a bit of fumbling around to make sure it actually picks up all the info but its an easy way to bypass token limits
also Perplexity's mainly good for real-time searching and citing sources so its better if you want more professional responses
I thought ChatGPT has access to other chats?
it does
Can you not just create a new chat and ask it to review the old chat?
you can but its not always amazing with that
just make a project and then include something like - Import all project history in your prompt
I always thought that the token limit applied to different messages, not 1 large prompt. so if I paste in an entire SOC case I'm working on and give it a question, it should imo have the entire case in memory to answer my question
yeah it should
just include - Think thoroughly and - Search the web in your prompt normally after the question (forces it to activate all the models features)
I do that a lot, especially if it's been escalated to me from one of the engineers below me. I ain't got time to read from the beginning 😄
true true
hey whatsup everyonee
Eeeeee you're visionary congratulations 🎉
Now for the next step
ayyy I didnt even notice it switched finally!!
*notion is better *
Now do the next step or I'll stop believing in you
I installed notion one night before sleep and I felt that it's too complicated so I deleted it and stayed in Joplin
whats the next step...?
but... pretty... and instant sync between devices...
I never take notes
Notion can have a slight learning curve compared to Obsidian but it is way better
im not too far
Is really complicated or was I just tired that night and I didn't give it a chance
You're mean
Hello
probably tired 😄
probably really tired, its pretty much just MD
Go for it or I'll be mean to you again
why?
What are you talking abt
Btw can I tell you about something silly in dm, like just something I wanted to say because it's kinda making me frustrated and I told valiant and he joked about it 
What about my other notes how can I switch to notion
yesss my dms are always open for you!!
what notes do yo use?
Taking notes is an essential skill
Joplin
but I don't, doesn't make me mean
Who is into red teaming
not i
not 100% sure but I would imagine if not officially supported, scripts have been made
and all notes apps should hopefully have an export function at least to MD
Aren’t red teamer dangerous
no...?
you can import them with a zip but i personally copied them over manually to sort them properly lol
I will soon
nope
Like they can switch sides from white to black hat
Only if they're doing it illegally
anyone can do that not just red teamers
its an ethical choice to be a good actor 
How
red teaming isn't hacking although it may involve hacking
well they choose to act illegally
who?
Red teamers
I mean I suppose so?
there is a potential for danger, they themselves are not dangerous though
Im new to cybersecurity so i get so many stupid questions in my head srry
Absolutely love it
I'm going through a whole cert map atm
no such thing as stupid questions, only unanswered ones
I've written a lot of writeups
As well for the challenges I did
Huge focus on windows active directory
Wow
You're mean for not giving yourself the full experience
U don't take ANY notes??
I'm very impressed if you can handle all the information
It's so basic I regret now that I started with it
I dont take notes either but that is because I either already know the content or already have it noted down
There's no way there's a person out there who doesn't take notes
Guys i will start my first step in red teaming soon any advice ?
I can't even comprehend that 😭 at least some level of notes
I just want to be better
as long as you know how to find the information easily it wouldn't be absolutely horrible
be passionate, and always keep learning
Are you capable and understand the structure of OS? Networking basics etc?
and then go to #start-here
Go through the basics first it will carry you later on
Yes
I saw google IT support course on coursera
if you already know the basic not worth it
That's good for foundational level knowledge
Hm?
I learned so many things but i forget little things
Nah do it, cybersec 101 is very basics u can finish it quickly if you alrd got experience
Take notes
Already finished it
Gtg
its very basic, I would only suggest it for those who want to know if they enjoy the industry or not
You got a good grasp of the OSI model ?
and those who need the absolute fundamentals
My next is a start in red team or smth like that
The course literally requires you to learn OSI, part of the exams multiple times actually
So 100% he does
well you will need to figure out which field you want to enter first
PenTesting
uhh ok
difficult one to start right out the gate with
Do you seriously not?
no, I utilize repetition
What should i start with ?
You're doing a lab on thm, and u just remember everything, all the ports, all the services, all the exposed endpoints etc??
None of that is notes anywhere
Noted*
?
you can start with pentesting its just a slightly difficult job to start right out the gate
Ye still not humanly possible lol
there are lots of tools for you to utilise to learn
Is there easier
eh you are talking about if i'm doing a specific box, do I do notes on that box? sure, I'll output stuff to files and refer to those files
Will hurt you in the long run for sure
What about reporting?
Welp whatever floats your boat ig if it works it works just sounds insane to me
so, I'm an architect and in part of my job, I will do things where I test things out and come up with a design, how things should work, I do document that out
So u do take notes!
I dont want to stop learning when i find many things difficult and i have long way, i want to achieve things to keep motivated, im new to this world so im kinda lost
Not everyone learns or operates the same. Its ok
Yes
but like if you just talking about doing a box on THM or even studying for certs, I don't take notes
when you're new everything will seem a little difficult, but as long as you're passionate to keep learning im sure you will succeed
Ye welp whatever floats your boat as I said
for work related stuff, sure, I would say I build documentation 🤣
So is starting with pentesting ok for me?
if you like that field, yes
maybe start with IT first
Just start and don't talk lol
Figure it out as u go
I'm here cuz I alrd studied all day
I first started with and IT Support google course
Brain is exhausted
Ok
Nice man
so do you feel like you are well versed in Linux OS, Windows OS, networking and scripting?
Yes
what scripting language do you use?
Python
and you have already built a linux VM?
JavaScript
I use mint as my main os and i have kali in a VM
ok then, join tryhackme.com (or hackthebox) and get to it
No idea what it means lol
yeah just sent you 1 million zimbabwean dollars
I just sent you a giftcard for 50 million usd, just click the link in your mail and you will receive all the money!!!
maybe when THM crossed the 3 million user mark
@sand trench I'm following in your footsteps, I'm posting Cheese Of The day in 3 other discords 
I remember when 13 was the top level..
Yall know any free grow a garden scripts?
welcome to the club of cheese posters

Like no key
To make your garden grow faster for free, focus on optimizing conditions: improve soil with homemade compost/mulch, ensure proper sun/water, use free cuttings/seeds from neighbors, create mini-greenhouses from jugs for warmth, and plant quick growers like lettuce or beans, providing rich, airy soil and consistent moisture.
He's asking for screenplay scripts to read to his plants
I love your username lol 
I'm always naughty

Stawp it why the bullying
Because he's bri'ish
Peak Christmas movie
you okay?
so not okay 
is it burn
what colour?
red
most likely a burn or just skin irritation then
i think i accidentally touched multiple capacitors

ouch
oooh might be a lightning scar
Found this in the wild
No I didnt "havk" it
Was a Shodan banner
VNC w/o auth is asking for trouble
Unless it's a "trap"
Kinda like this
usually not just red if I remember correctly
well can take time for it to show up fully
yeah thats true
does that mean that u reinstall an OS beforehand?
also have had a big shock once from opening an old crt tv
do not recommend
did not shock shadow but their screwdriver
and that was very loud
these SOC rooms are killing me, y'all who do SOC are the true heroes
it is mostly reading logs and figuring out what is normal stuff and what is abnormal
and then how much you need to act on it
yeah and its a snooze fest
SOC is fun
when I did SOC adjacent work, it was already after someone validated an incident happened but this stuff, nah
2 more position better then this that i can think about is DFIR and Malware Analysis ^^^^
well those were both the roles I did when I was doing SOC adjacent work
yeah my bad at the beginning i meant L1 and L2 doing alerts .... so yeah all this is PEAK Experience
I am totally convinced that Shodan is just easy/fast Google Dorking. But if you really knew GD you wouldn't need Shodan at all
I'm sure its great experience but I feel for people who do it day in and day out
Is it worth ~$500 a month for me to pay again? 🤔
$500/month!? I thought it was like $60/year?
thats only something you can decide
come hiking with me on 1/1 chainz
burn out is real and fast and the fact that some of the places requires you to be 24/7 on call doesnt help either
bah
Im so tired from all the bs in my life rn
I have 7 people going
work, personal, social. blah blah blah
In spring, yes
I can do spring
Its when I go out anyways
I dont like cold and I dont like dark. I need sun and warm
hehe, i'm always in a good mood
And it's so satisfying to make it to the top, you have to follow the colors
you can't just grab any one
I'll be in a good mood when I get rid of the roaches in my ghetto ass overpriced apt
Move to Inspirada or Anthem
Oh I wish
and time to go to sleep sloop land where the beeps are booping and shadow goes meeping mooping meep moop
oh is it ? i tried to that once when i was a kid and i was grabbing everything LOOOOOOOOL
help with what?
@gusty inlet
contact discord support
dont do that
Damn
Discord has a support email but its hard to find
Buha
I had to track it down once for something a year ago
I dont have it anymore tho
Search their Twitter, that's actually where I remember finding it
just converts it into a ticket anyway and its normally not reliable
Discord Inc.
444 De Haro Street
Suite 200
San Francisco, CA 94107
United States of America
Phone: 888-594-0085
Email: support@discord.com
Discord Customer Support: https://support.discord.com/hc/en-us/requests/new
https://support.discord.com/hc/en-us/requests/new is the best way
I have legit used it and talked to someone yes it works
I just dont remember the exact email
thats good then, from past experience its not very reliable 🤷♂️
i need to complete comptia pentest+ path before 1:55 pm tomorrow
so i can get the cert printed
im only at 54%
How are you taking the test rn
Or you mean online course?
im too broke to afford that
i hope to win pt1 in the aoc
I've done too many THM rooms
Lot of em broken cause they're poorly maintained
There's only so much hacking a VM can take before you need to restart it or something at least
I'll renew my 1x year sub when THM stops neglecting
Either maintain them or retire the lab
But don't let it sit abandoned for 4 years
U can start with any AOC room
Yes
You can join any lab
im getting closer to top 1%
thanks guys
wow thats nice, do you have to be at top 1% to be considered prize
😱
considered for price*
- Keep on the grind
- Dont fall back, even when it gets to ya
- Fk what Gatekeepers say, they like to bs
I recommend the 1 month and see how it goes
I dont got a credit card dawg
Its like, $10 I think
Start a business
(JUST TO CLARIFY)
Yeah, sure. And uh
Exactly what would I do?
Too broke to buy lemonade

Idk, you can do something for a little cash, $10 worth
If not, then just wait
THM aint dying anytime soon
True
u got a few friends??
Makima?
I dont ask friends for cash
Ask ur parents for $
Just be patient, dude
presents already under the tree
Anyways
Ill just do some free rooms
Look at this cute cat who sacrificed his loved ones for the mangenkyo sharingun
Nothing wrong with that
got any recommends?
No, I dont use THM anymore. I have been deployed to the field and use Shodan
I would say, do the networking basics
Get that knowledge in first
They should be free
Ive got enough knowledge to know the things i need for hacking
TCP Packets, Wireshark, etc etc
Ive done uh
EternalBlue
Are you blue or red?
Then do the offensive hacking rooms that are free
Cool
Do you think HackerOne is a good place to go too?
for VDPs (Vulnerability Disclosure Programs)
Tbh, I personally find a company that is exploitable and contact them about it so idk about HackerOne
They have bug bounties and like, private things. You get around $100 minimum for reporting bugs
(that is if you are 18+. smth)
I report exploits, not bugs, although there can be both
Lots of exploits for many reasons
Not so much bugs, but you do find them here and there
I pay almost $500 a month for Shodan, yes.
I use it quite often
Like, all day every day
Also, I have a small team
I share it with them, guess makes sense since its the "small business" subscription
Shodan tho, like to hide the good stuff behind their enterprise subscription
Thats like, little over $1,000 a month
Shodan be the sht, no joke
Me and my team actually have some little rep going on cause of it
hewo~
Sup
Turning off my VPN
🤔
Was wondering why sht be slow
Was scooping out this server, nothing intersting tho, but lot of weird stuff
@kind wagon has been warned.
He's being prosecuted for political dissent
Or something lol
idfk
All I know about Russia stuff is that they post lots of Ukraine war vids on Telegram
Ukraine does the same sht
Like, GoPro FPV videos
Hi
fury
Yup
Hewwo
Oh hi bob
no
Hy
Im making a vulnerable Windows server for yall to play w/ :3
Yes?
no >.>
Yes!
Nop :P
Hmm ok
Ill give ya a hint! its MsSQL is misconfigured! Ill post the link soon! (im using cloudflared for tunneling cause i dont like port forwarding)
Bark lol
gulp
What?
xD
I do that to furries
I used to be one
Was a thing back then
Sir
Na, code word was "Bark"
Im making a cloudflared tunnel to my vulnerable Windows server :3
Its a VM
Is it possible for a hacker to go from VM -> HHost
Host*
Yes
(Excluding network vulnerabilities)
Um ye I've seen viruses do it
how can I secure my host machine so that my VM wont be killed
and so my Host
Idk tbh
Is there anyone that can help me understand the most common attacks to protect myself against. I’m building a SAAS and my main worry is overload on api or attacks I have never heard of due to my inexperience. ??
I'm stipids
what kind of saas can u share more details
VM escape
Im gonna post a link to my vulnerable machine and pray no one goes out of scope 🙏
Pretty uncommon tho
buni
Typically its considered kinda sophisticated to break out of a VM
No one gonna waste their time
I can privately if available for a quick talk I’m not a technical founder I have stumbled my way through creating a some what viable MVP using ai for all coding needs.
But along the way have learnt a lot about the way stacks work. But privately I can go into more detail int he business itself and the stack and real logic im using if you can help me understand where I may be open to exploitation
Unless you gov or something
ok thx <3
I own my own domain for free :3
its not up rn cuz i dont have my cloudflared working
You got nothing to worry about. Your attack surface is probably low and your attraction is close to zero
Maybe go read up on https://owasp.org/www-project-top-ten/ and how to test your SaaS for these
YIPEE!
This is illegal.
Dont let the gatekeepers scare ya
And if using a 3rd party like supabase for auth will their own handling help avoid these auth issues.
In terms of aid api usage that’s my hardest understanding. I have org based api access with token creation and I have usage logs linked to tokens but as I’m not a developer myself in term of the industry standard for protecting api calls I’m oblivious
Reported
Ok lemme get the mods :3
@hasty sand
THERES A GUY BUYING WALLETS!
HERE
and now we wait <3
But yea, the gatekeepers be gatekeeping
fr
Also is 0day the guys who does cool stuffs oohhhhh I liek hims
:hammer: victorysaom_10610#0 has been banned.
AWESOME :3
W Mods
OHHH
I see
theres a difference between the two Mod roles
mb 0day :<
Can we get rid of the moose guy while we at it? jk jk
Ok im gonna do some final testing of my cloudflared, making sure my domain works and everything
Moose?
Long story xD
ty mods
They someone here that dont like me for whateves and try to start drama at times
Yall mind if I post a quick test vulnerable website to make sure my cloudflared is working?
Ah
Lol
:3
its a free earth
Wait KC?
yes sir, god bless
Totally random, but I like that pfp, fk it im going back to furry pfp again lol
Lol
We doin it!
in terms of logic i have spent weeks using ai to refine all issues i have manually found as well as codexs smoke flags finds and solved them to points i cant recreate any bugs through ui/ux controls or through api calls even down to the overdue payment and read only access flags etc.
i have a few edge functions setup for syncing data through frontend cloudflare api proxy and frontend pages as well as the supabase edge functions.
in total im worried due to my 73 edge functions that can be accessed through enterprise plans and if someone was motivated enough they could maybe find errors with my limit enforcement.
What the absolute helli is this guy typing wholy
Hi
hi
What you mean by "Enterprise plans"?
i got voucher from ralexander
instead, im here spending over an hour setting up my cloudflared
How do you get a voucher????
idk
Is 0day cool?
i asked for premium and he said i can have a voucher
the begging method is wild
Aw man
my SAAS is based around 3 plans. a starter plan limiting certain aspects as does business plans but enterprise plans that include custom SLA with B2B contracts to ensure realtime help with bugs found and minimising any downtime. as well as custom limits surrounding business logic itself
Is there a rule that says no dming admins?
Ah, that is way beyond my scope then. My apologies.
I thought you meant Shodan Enterprise
There is the golden rule of ... FAFO
am i right in thinking with a very niche non ad based marketing. My full client base will be through word of mouth or cold calls to specific users. i dont need to worry as much about someone with a specific goal to exploit my system.
Depends, you can tag them
Ive tagged them
Can you tag an admin and ask?
I dont see why not
Ok... Then tag em please?
Wait, you want me to do it? Lol
Na na
You do it xP
What one should I tag?
@plush needle am I allowed to dm admins?
okay so running through and pushing any separated logics to resolve a singular point of truth would be the best point.
i have started to migrate to a single point of truth but my migrations are really starting to stack to ensure nothing is affected that exists in my current db.
with that being said i think i do have enough freedom backend to move any business logic or points of reference to a more centralised singular point of truth for each aspect
Here's some advice: If it's a good idea, get some backers (investors) and then hire someone like a sw developer or contract to a security firm to do a pen test. I don't care how many times you went over it, if you don't know code and you got AI to do it, it's going to have holes.
that does make a lot of sense honestly its just trusting my current ai system to do it entirely.
i think at the end of the day before full launch im going to need to pay a dev to fully audit my code. Thats the cost of ai development i guess
Why do you even want to DM an admin anyway?
Because
Sometimes this chat gets wild
Animales
I don't understand your answer joke
Its a joke
Theres nothing to understand lol
i understand the concept and if i was bulding myself then id be in a good position but do you think i can trust ai on a development level to complete a request to ensure no old paths are bypassing new truths or should i just take the cost on the chin of paying for a full audit before deployment
I have been a mod for about 3 years now, yes 😄
Ive been here since spring 2021 😅
You can DM me if you need something in regards to the discord etc.
We have no idea what your business is or the sensitivity of the data you are processing so its impossible to do a risk vs. reward analysis and give you any sensible answer.
I just wanted small talk was all
Sorry to bother
Well since you got him here, now we need to know what the best Bioshock is
Im just gonna have it up for like 5 mins, this is just to test it works for my next VM
Incase you dont believe me.
admin:admin
Or
admin:password
Both have worked in the field
Why am I doing it?
I gave you the answer lol
idk dawg, for fun?
Also, wrong.
The password is secure, dw
but the server runs unfiltered variables through SQL
Then we do dic attack
appreciate the help. most people hate the fact of ai being used and get offended for some odd reason. i understand they think its a shortcut as it really is but as a non technical founder it can take my ideas and build a real MVP.
but ye i will probably just pay for an audit in the end.
i have spent month upon month verbally building an app using NL text to fully explain all bugs i find and use ai smoke screens to solve issues.
i feel im at a real good place.
each org gets its own subdomain, payment systems front and backend seem very well in sync and i cant physically recreate any bugs.
but you're 100 percent right when it comes to api usage and things ai just really isnt trained for yet at least not specifically on the models i used. its worth using a real human auditor to secure my code than hitting issues later.
and for reference the auth data isnt sensitive itself but the idea itself is built around compliance in the construction industry but thats the least of my worries as i have spoke with experts about that and have family that helped me tailor the ui itself and the real compliance itself.
the issue comes with where you say the things ai just wont catch
no
If dic attack dont work we do SE
Dictionary attack aka brute-force
Oh
lol my bad
Do you have SQL running?
that was fast
Then yes we would try that to
indeed
it also has XSS vuln in the profile descriptions
Are there user input fields or is the URL vulnerable?
ye leave it lol you gave me enough help appreciate it #
Ah
goodnight
If your SQL is open to the internet I could dictionary attack it. But will it succeed? Probably not
alright boys, let's blow up his cloud bill 😆
At best, micro-DDOS
ye i read a lot on sam altman, he is pushing the next big ideas will be made from those that didnt take the time to learn the skill but have the ideas due to the rise of ai. Not saying it will be me thats an improbability but not being in the chances would make it impossible 👍
It's only 7:20 D:
I too have to get ready for the sleep, so I understand
Cousin is asleep now, I too shall get ready for the sleep
When cousin awakes, I will awake
so when your cousin fall asleep then you asleep and when he awakes then you awake so strange
You got flagged as a spammer lol
what can be the cause of being a spammer when i go to account standing there is everything good and also i didn't do anything illegal
who is pennywise
what does mean by this
and also guys can i remove this spammer flag from me and if yes then how
maybe contact support
2 messages from spammer lmao
Tf did you do to be marked as spammer? lol
talo has been marked like that for ages
what bro
LOL
but how to contact support freglar
okay appreciate it. i might even first package as individual systems to my first clients to pull bug reports and efficiency reports so i can then push a real centralised one site one sub domain per org within the same auth and buckets etc. This will avoid most issues as i can just limit each packaged org to the usage in terms of cloudflare and supabase so physically they cant abuse systems even if logic is broken.
that way i can learn if any, what routes they will take to abuse services and then ensure that the centralised domain on deployment is safer a few months in.
of migrating or moving all databases nt a master database.
which one to select there are so many options
idk
almost done😣
i still have to do the 3 owasp rooms😔
That aint nothin you got this
Rest is good too
i have to finish tonight
@rapid merlin you have any wide estimate what I would be paying for a audit of this kind.
I know it will be based on size but even a wide range of??
i have to finish tonight or else i cant print the cert
i print it at school then laminate it
and tomorrow is last day of school before christmas break
So shouldn’t be paying more than 4 figures really. Just don’t want a wild quote as I’m like a granny being quoted on her roof in this sense.

🥹
HAPPY NEW YEAR EVERYONE
what?
Buddy traveled through time
Did he? They have a 2025 recap so it must be 2026
holy grind
ok im at 100 now
which one was the 100th
owasp top 10 2025: application design flaws

after like 3 hours
🥹
congrats

Wazzap beijing
Morning
Hiya
Whats going on? I'm playing a pokergame online as 2 different people at the same table
sometimes i do another pokergame with 3 people lol and then i go all in with all of them
Cool beans
what have you been up to
Been a busy bee
Applying for jobs
Workin
I was expecting to have a new job by now 🚬
hiya
Ello 👋
how are you??

im alright js chillin
Nice
It's better to combine work and leisure.
yeah watcha up to?
Working lol
oo on what?
oh okkk
