#quiet-conversation

1 messages Β· Page 3 of 1

past meteor
#

i need dll hacker

spark sun
#

Help you with what? We only allow english language in this server because that is the common language of all the moderators. More languages makes it too difficult to moderate.

#

what are you trying to do?

past meteor
#

i want help

burnt night
past meteor
#

πŸ˜„

#

i have a game and i need to open a simple dll file hacker a

burnt night
past meteor
#

yes bro

burnt night
#

Please don't send DMs without asking, that is also against the rules

past meteor
#

so where can i find it

#

okey bro

spark sun
#

where can you find what?

burnt night
past meteor
#

y bro ty

thin juniper
#

he left

frail rapids
#

is a strict password symbol policy really necessary?

#

like would pentesters/hackers actually change their wordlist based on the policy (e.g. using [a-zA-Z0-9] only), or wouldn't they because it leaves out possible cracks

twin ridge
crystal cipher
#

guys is it ethical to search for indexes of websites?

soft pier
twin ridge
#

With a random separator

#

And not use "correct-horse-battery-staple"

#

Because that's in a dictionary somewhere

soft pier
#

shoot now you told everyone shadows passphrase.... time to go change it /joke

spring flicker
#

Assalamu Aleykum every one

#

I have one question about Anon Surf tool

#

What is it vpn or proxy?

#

It can change ip and address I can't know about it. AnonSurf is proxy server or VPN?

winter quiver
radiant jacinth
#

where to find rooms and which ones to start as a beginner

scarlet moth
sharp laurel
hoary nymphBOT
#

Gave +1 Rep to @scarlet moth

mortal venture
#

anyone know how to curl a website with json data? i have curl -X POST -H 'Content-Type: application/json' -d "{JSON data}" but im not getting the flag

#

Im a solid 90% sure i have the correct syntax but im formatting my JSON data incorrectly so thats an issue ill figure out later I guess

radiant jacinth
#

how did you insert JSON data?
I usually use the following and it works for me:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":"data_here", "pass":"pass_here"}' http://<IP>
@mortal venture

mortal venture
hoary nymphBOT
#

Gave +1 Rep to @vapid mist

grave abyss
#

Woohoo! Vacation!

winged rain
#

Would anyone be willing to share their thm notes with me?

rain vector
#

notes on what?

winged rain
#

On everything lol

#

I'm trying to reformat all of my notes

sharp plank
frail rapids
#

why aren't ctfs considered esport hmmGe

lost terrace
#

also; skiddies

sharp plank
winged rain
#

Like make an interactive visual of each server/domain and packets sent received, etc. etc.

radiant jacinth
frail rapids
frail rapids
#

I bet it could normiefied

twin ridge
radiant jacinth
twin ridge
#

Those candies were great ngl

radiant jacinth
civic rootBOT
#

:hammer: GoldenEgg#6765 has been banned.

junior tartan
#

sad

#

we will remember this dude πŸ₯€

radiant jacinth
burnt night
# junior tartan sad

Not sad at all.
This ain't the place for advertising, hence it's not tolerated.

signal hull
# frail rapids I bet it could normiefied

Definitely not. Even if it's some high speed attack-defense game, you're just seeing people type aggressively on keyboards with no really good or clear way to show what's going on other than maybe showing their terminals.

#

Even in the most technical esports like Starcraft, you're still seeing tiny guys blow each other up, and I don't need to have played Starcraft to understand that.

lost terrace
lost terrace
fierce pewter
# 
document.querySelector(
      '#path-msg'
    ).innerHTML = `<div class="alert alert-info">Congratulations on completing the Pentest+ pathway!\
        The 10% voucher code is <b>TryHackMe2021</b>, you can use this anytime before 31/12/2021.\
        Please use this code at <a target="_blank" href="https://store.comptia.org/">https://store.comptia.org/</a>\
      </div>`;```

Someone forgot to update code πŸ˜„
odd acorn
granite yoke
radiant jacinth
granite yoke
radiant jacinth
waxen sage
odd acorn
frail rapids
#

is it me or is the wifi pineapple gui really bad

#

there's 3 different tabs just for encryption (none, WPA, WPA enterprise) whilst they could just be options

#

and you can only remove/add SSIDs from pools, and not disable/enable them (if you want to use them later)

#

also, does anyone know technical docs for the interface? for example, I want to understand how the recon works on a low level: do I need to reverse the OS or is there info available

frail rapids
#

edit: figured it out by starting a tcp dump and analyzing the 802.11 behaviour of the pineapple

#

turns out it sends a wildcard SSID

sharp plank
foggy terrace
frail rapids
#

Does anyone know how to forward traffic from tcpdump to wireshark on another device?

#

I want to analyze packets from my wifi pineapple in real time for IoT VR

candid tartan
frail rapids
#

however, I can try it out and see what happens

candid tartan
#

hmm. also i think you can put wireshark on pineapple ? check the things you can install

frail rapids
#

I don't have a GUI on the pineapple so I can't run wireshark sadly

candid tartan
#

hmm... gui is via browser if we think on same. or you think wireshark gui

#

@frail rapids is v6 or v7 pineapple ?

frail rapids
#

v7

frail rapids
#

I could use tshark but I want to use it interactively to dissect packets like MQTT, DNS, DHCP and HTTP

candid tartan
#

ill fire up later apple. might they have something to do that. since there was terminal build in might help

short elk
frail rapids
#

uhhhhhh

#

that's a very good point

#

but I'm not sure, considering the ethernet-over-usb port only gets used for LAN access to the management interface (I think)

#

I need to a wifi network for internet access

short elk
#

this looks hacky as fuck but might work

frail rapids
#

holy crap

#

that might indeed work, thanks lmao

candid tartan
#

btw @frail rapids go study. don't slack πŸ™‚

frail rapids
#

need to read 160 pages for requirements engineering before januari 7th

candid tartan
#

that is 3 day reading. max 5

frail rapids
hoary nymphBOT
#

Gave +1 Rep to @short elk

west panther
#

is it possible to intercept radio transmissions

fierce pewter
#

But might be illegal, depending on frequency and country

west panther
#

for the radio frequencies of walkie talkies

fierce pewter
west panther
#

walkie talkies aren't included there

fierce pewter
#

if you need to listen to it, you need something called "radio receiver", then you just need to set frequency.

west panther
#

ohh i have one radio reciever

fierce pewter
#

*unless communication is encrypted

radiant jacinth
winged rain
#

You can intercept ur local radio station with a fan

#

Anything metal that can resonate with the same frequency as a radio wave can actually

#

I've listened to radio music through a razor blade

#

In WW2 soldiers would use nails

pliant fossil
#

yo i know i sound like a dum ass, but i bet you guys that yall cant turn a chormbook to windos

radiant jacinth
#

hellp im need kye

#

for skript

tawdry dove
radiant jacinth
#

Mango haub pet sim x

#

I don't know where to get the key please help

tawdry dove
#

Is this a roblox exploit?

radiant jacinth
#

yes

civic rootBOT
#

:hammer: fogakin#2224 has been banned.

tawdry dove
#

Someone will be with you in a moment

odd acorn
#

Thanks Moose

tawdry dove
#

Np

frail rapids
#

I stg

#

wifi pineapple is proof that pentesters should not develop firmware

#

it's like they didn't hire a UI designer nor a firmware developer

polar bison
waxen sage
# west panther is it possible to intercept radio transmissions

Intercept? You mean, like tune into frequencies that are everywhere? That is what TV used to be and what real radio still is. Wifi is radio frequency too. Police radio, construction companies. The FCC regulates broadcast though so check out ham licensing. There might be a hobby group in your area to help you get gear and learn.

#

BBC and broadcasting into news deadzones of censorship are built on the premise of anyone with a receiver able to tune in. Still to this day people push even BBC into places with tightly controlled media and long borders.

#

(for more of how this shit is fascinating, look up literal sneaker nets and how some places' internet is literally people walking in massive hard drives and setting up a local network.)

radiant jacinth
ripe haven
wicked scroll
#

hello

#

bonjour

#

bonjour

cursive marlin
burnt night
#

Google

cursive marlin
frail rapids
#

that implies the existance of roblox exploit allah

#

πŸ™

lost terrace
radiant jacinth
#

I'm a software developer by profession, but I run into so many issues I might as well be a pentester

ripe haven
frail rapids
#

pro tip: don't look at the source code of tools

#

they're god awful not so good at times

radiant jacinth
#

lol, but now I want to witness it with my own eyes

#

It's ok though, I've written some terrible software in the past, I feel especially bad because my managers would try to find a use for the tools I made to help me feel useful

tacit axle
#

p

#

!docs verify

deft fossilBOT
tacit axle
#

r

rare depot
#

how do I stop trying to rube golberg my solutions to problems

#

I should specify, I mean THM problems

winged rain
#

Sit down, identify your problem

#

Divide it into smaller subproblems that are manageable

#

Solve those problems until you hit a wall or complete the problem

#

If you hit a wall start subdividing again

rare depot
#

my issue was in the OWASP 10 room in the complete beginner path. one task asks you to find the default creds for the web service, so I deployed Burp, nmap, and dirbuster on the thing, while scouring the page source for info, eventually diving in to the javascript files to see if the default creds were listed there. The answer instead was to google it

winged rain
#

Oh that just comes with experience

#

Knowing which tool to use for which job

rare depot
#

yeah, you're right on that. I feel bad for doing all that before hand, but I need to re-frame that process

burnt night
delicate cairn
#

I'm curious as to physical attacks and social engineering, it seems nobody talks about these as if it's a thing that only happens in movies.

scarlet moth
#

it can be part of a red team test but it is pretty high risk, easier to break into someone's network than break into their building.... it is something talked about within cyber security and especially information security

delicate cairn
#

I can argue with that, the return of a physical attack can be so much bigger, sure it's harder ..but.

scarlet moth
#

it 'depends'... if you listen to the Darknet Diaries podcast they do have some various examples of physical penetration tests

chrome rain
#

Im sorry if this is the wrong channel for the question, but is there a Dark-Mode for the THM Website ?πŸ˜…

south inlet
chrome rain
hoary nymphBOT
#

Gave +1 Rep to @south inlet

delicate cairn
scarlet moth
delicate cairn
hoary nymphBOT
#

Gave +1 Rep to @scarlet moth

south inlet
chrome rain
waxen sage
#

Another is about someone who accidentally ended up being a physical pentester before the term was common or before she knew it.

south inlet
waxen sage
#

"so one day I look around and realize people are paying me to do the thing I did as a kid. It dawns on me after a few years that maybe I should get some real contracts and vet my clients." paraphrase, and left out two spoiler parts I really wanted to add.

native aurora
#

@south inlet was jenny the one where she legit could have died?

south inlet
native aurora
#

yessss! Listening to that had me on edge lol, they need more episodes from her

south inlet
#

If she's still in the business.

#

Jenny and Alethe were two of my favourites.

native aurora
#

The social engineer podcast is another good one too!

south inlet
#

Alethe, lol.

native aurora
#

ohhhh wait I didn't remember the name, yeah she makes me never want to answer the phone again πŸ˜‚

scarlet moth
#

when I worked in an office, I used to get calls all the time asking for "some name"... I'd also say "I don't know that person, let me transfer you to someone who could help" and transfer them to security

waxen sage
#

Wasn't Jenny the one who ||was sent on a job that ended up being breaking into a 3rd party, not the client?||

echo dust
grand star
#

n

serene trench
#

anyone got any fun new years resolutions for 2023? Hobbies, skills, etc? πŸ˜„ I'm excited for the new year myself! Got a few things I want to commit some more time to / try out (I definitely need more time away from computers/screens) including:

  1. getting back into candle making
  2. trying out martial arts again. I used to do Karate as a teen but stopped because moving and school and things
  3. at least sign up to a rock climbing taster session and commit a few hours a month if I like it!
  4. back driving a motorbike again
  5. fully committing with my new personal trainer. Really didn't get on with my last one, and just doing a masters & working in 2022 made it almost impossible to meet his expectations. My new one is such a decent bloke and I'll have a lot more spare time this year!
fathom panther
serene trench
fathom panther
serene trench
waxen sage
#
  1. Set reasonable goals
    2-inf: unreasonable goals
#

inf+1: learn what reasonable goals are.

rain vector
#
  1. Get more movement in consistently
  2. Keep learning through THM and a book I'm working through about how computers work
  3. Get back on track learning Japanese
  4. Find better work/life balance, which probably isn't going to happen until Q2 but I can see a light at the end of the tunnel (we've been working on switching over to a new CRM for like...over a year now, switchover date is solidly set at 1/30, at this point I hardly even care how much is broken I just want it to be over with and all the extra meetings to stop so I can have my time back and be more chill)
winged rain
#

I don't need a new year to start my goals 😀

flint obsidian
#

Hey can anyone assist with an OpenVPN question?

fossil cobalt
flint obsidian
#

lol

tawdry dove
sharp plank
#

Heyo. Anyone else get recommended a scam video on youtube recently? Idk if this is appropriate for the server, but it's interesting as I've never seen any kind of scam on youtube going around before. It's a money doubling claim impersonating Tesla lol
(Not linking of course without mod approval)

zinc stream
#

My goals for 2023

  1. Pass Pentest +
  2. Pass CEH and CEH Practical
  3. Finish my Python course
  4. Pass the CCNA
  5. Go to the gym 4 days a week.
rugged frigate
flint obsidian
sharp plank
deft skiff
#

Who is @tropic silo

zinc stream
tawdry dove
zinc stream
tropic silo
#

@deft skiffwhy did you dm me

tropic silo
quasi turtle
#

Venom can you remove that from your bio maybe? Seems like its confusing some users

simple iron
#

Hey

#

I am new here

#

Can you teach me something about ctf??

quasi turtle
#

Hey dassa, what kind of infornation are you looking for? Your question is a bit broad πŸ™‚

twin ridge
tropic silo
#

hmm

deft skiff
#

Hello

hardy osprey
#

Hello

#

i have a question about something

tawdry dove
hardy osprey
# tawdry dove Ask your question

I launched an nmap command on one of the available easy ctf, I wanted to know if it was normal that sometimes the machine (victim) did not respond and that the result of the nmap command was so long to finish

tawdry dove
#

Is this CTF on tryhackme?

hardy osprey
#

yes

tawdry dove
#

Ok

hardy osprey
#

gimme a sec to send you the name

tawdry dove
#

That's fine, I don't need it

hardy osprey
#

ok

tawdry dove
#

Did the instructions tell you to Nmap?

hardy osprey
#

the instructions gave in percentage the finalization of the NMAP command

tawdry dove
#

Since this is a THM room, I'm going to ask that we move to #room-help. Also, that you verify so you can post screenshots.

#

!docs verify

deft fossilBOT
hardy osprey
#

I'll do it asap

true narwhal
frail rapids
#

is there a tool yet that uses the process list (such as ps) to find path injection vulns?

#

considering it shows when a full path is(n't) given, so you could use it to find SUID bins

#

however, I assume most vulnerable programs aren't daemons?

red charm
#

there should be a channel to discuss about certificates

flint obsidian
junior steppe
#

Anyone here currently serving in the army?

#

In the US?

radiant jacinth
deft skiff
#

@safe rapids

fiery roost
#

Guys! What do i need to do to get "Act of Kindness" Badge. Pls answer this question.....

scarlet moth
twin ridge
#

Hasn't been given in a while now

lusty locust
safe rapids
#

Earned but not frequently received are the best kinds of gifts.

tawny egret
spiral breach
quasi turtle
#

slowmode πŸ˜„

south inlet
median vessel
twin ridge
spiral breach
tawdry dove
#

And its also not a violation of OPSEC saying you're in the armed services

spiral breach
#

someone asking who is in the services on a server such as this one, is kinda sketch

tawdry dove
#

Plenty of people come here, vets and those who are ETS, asking for assistance and next steps

#

It's not weird

#

There is a line where it gets weird, but asking if anyone is in xyz community is not

spiral breach
#

a certain community is eyebrow raising. Anything govt related being one

twin ridge
#

Not against policy here, and there are feds in here

#

Specifics are probably not allowed, but this is pretty generic

inland portal
#

Hi everyone!
first message in this server!

frail rapids
#

is it best practice to hash on the frontend?

odd acorn
radiant jacinth
#

How can one measure their technical maturity? πŸ€”

zinc stream
#

Being former US Marine myself. I would avoid all GOV talk to be honest. There is no need for it. Doesnt apply here!

echo dust
sharp plank
#

Hey, where do you all go for cybersecurity news?

lusty locust
#

LinkedIn

#

Connected to the right people

south inlet
light lintel
#

Don't know if support would fit better but anyway πŸ™‚

How do you guys work with kali? I am struggling a bit since in SOC1 are tools and software with an gui needed. My Kali is running on my Homelab as VM, so i can access it from my PC or my crippling slow laptop. Usual i ran GUI Applications more or less successful with over X11 on my pc.

I don't want to install Kali on my PC because it contains sensitive data.

Soooo how do you work with kali or what OS you are using? Do you have an dedicated machine for that?

twin ridge
#

I used wsl2 a while back, now as a VM. I think ssh + x forwarding is your best best from a Linux PC, if you're in windows 11 then WSL has a Wayland server built in

tardy lion
#

Well this is a lil embarrassing but I am a victim of a sextortion attack

#

Does anyone have any advice on what I can do to prevent this from escalating

south inlet
twin ridge
#

Also cover your webcam when not in use and don't send potentially incriminating pics to anyone

light lintel
hoary nymphBOT
#

Gave +1 Rep to @twin ridge

twin ridge
#

Haven't tried x forwarding from wsl yet

#

I suspect it'll work though

light lintel
#

You have given me an idea with win-kex i am testing it right now.

frail rapids
twin ridge
#

Oh sure

frail rapids
#

if its a desktop: remove microphone en camera cables (as the NSA director said on twitter: the only way to ensure its not getting hacked is by removing its electricity source), and if its a laptop disable them in bios

#

I only have ethernet en wifi enabled in bios to reduce attack surface

chrome zealot
native path
#

is this channel for those who are in love ?

scarlet moth
native path
scarlet moth
#

For those that want it

native path
#

ooo

#

am such a fool

odd acorn
radiant jacinth
# tardy lion Well this is a lil embarrassing but I am a victim of a sextortion attack

Honestly just don't reply and don't give up the money just screenshot and report to the proper authorities. Becareful when dealing with people online. Tbh though at worst someone close to you sees your you know but it's not a big deal. Most scammers won't leak unless you challenge them. Since this is more than likely an attempt to just scare you. Never give money because they will want more and never leave you alone

tardy lion
south inlet
tardy lion
south inlet
tardy lion
south inlet
tardy lion
scarlet moth
tardy lion
#

Shit maybe

#

If I blow up I’ll remember you

scarlet moth
#

here is the thing... blackmail is a no win game..

#

you could give them money, then they could ask for more

#

it is better to say 'ok do your worst'

tardy lion
#

Thank god I’m broke I gave him like 30 bucks but I’m boutta contact my bank and get it back

scarlet moth
#

(and use a webcam cover)... but I'm guessing it was fake

#

because there totally is a scam, even I've gotten it in my email

tardy lion
#

He was like you have til Thursday to get another 50 I was like man that ain’t happening lol

scarlet moth
#

and trust me, there is no sexy times going on in front of my camera

#

no judgement... just its such a common scam

radiant jacinth
scarlet moth
radiant jacinth
tardy lion
#

Shit is crazy the fact that this shit be happening to people daily

#

Came to this discord to be like β€œayo someone hack this dudeβ€πŸ˜‚πŸ˜‚

scarlet moth
#

yeah no

tardy lion
#

πŸ˜‚

#

Well if y’all wanna support me in some way you could take the time to check out my art account

radiant jacinth
tardy lion
twin ridge
odd acorn
#

Can’t threaten me with a good time

spiral breach
radiant jacinth
# spiral breach

Whoever made this I'm gonna need their @ because that looks so good

waxen sage
ionic crown
#

Hey, anyone know how to detect a evil twin attack?

#

Im 99% certain my neighbours who are on a cybersecurity uni course have hacked my wifi

#

I got wireshark logs which show a micro ST which i suspect is a rasperry PI

#

I also found out the company they work at, and one of the blogs talks about, both rasperry pi, wifi security. And uni placements get idiots like these to write blogs so they gotta say whatevers on there mind

polar bison
spiral breach
polar bison
#

if you have seen their RPi in person then be sure it could be them since you have got the packets traced

spiral breach
#

https://youtu.be/iHkX7NxcOSw
I didnt have OJ so I subbed Lemon juice

YouTube
Pressure Luck Cooking
Instant Pot Crispy Carnitas (with Air Fryer Lid)

Recipe: https://pressureluckcooking.com/recipe/instant-pot-crispy-carnitas/

Taco Tuesday just got a whole lot more exciting!

Carnitas are basically the Mexican version of pulled pork except they're braised in more of a citrus-infused sauce combined with a glorious dry rub. What's more? The final steps give this succulent meat a crisp leaving y...

β–Ά Play video
#

And you can use any cut of pork for this.
And my fav is small flour or corn tortillas

#

and instead of an air fryer lid, I did a Broiler setting on my oven

radiant jacinth
spiral breach
radiant jacinth
#

Aww that's cute

spiral breach
radiant jacinth
#

Thas cool asf ngl

spiral breach
#

I love cooking. Hacking is a skill, but cooking is something I also love.

#

Also make sushi. My fav food is Asian cuisine

XjzE3rSr.jpg qfslT1cs.jpg HnBiFJXX.jpg
spark sun
spiral breach
spark sun
spiral breach
#

Well, regardless, my fam is full of chefs, one of which who cooked and learned from Chef Irvine.

And, I learned from them both.
So there's that.

spark sun
#

Fair enough, I'm sure he's a great chef.

spiral breach
#

Gordon will always by my fav

spark sun
#

I always enjoyed the elegant and sublime way that Morimoto cooked on the OG Iron Chef

spiral breach
#

Ran across a master chef in the DC subway.

20180616_192905.jpg
#

Yes, das me with him.

#

I forget his name. I just know i recognized him from TV

frail rapids
#

whilst you are connected to the evil twin: check the network infrastructure (assigned IPs et cetera)

#

if you connected on a linux device, perhaps try finding logs regarding wlan

frail rapids
spiral breach
#

Using a directional antenna, you can see signal strength in wireshark.
But even if he or she is making an Evil twin, be smart and not connect to it.
And there's not much you can do about it besides banging on their door and telling them to knock it off.

#

https://www.youtube.com/watch?v=bpR56Ua8v9s
This is about finding cameras, but the method is the same.

YouTube
Hak5
How to Find Hidden Spy Cameras in your Airbnb with Wireshark

On this episode of HakByte, @AlexLynd demonstrates how to identify and track down hidden cameras that might be spying on you, using Wireshark IO Graphs.
This video is sponsored by PCBWay: https://pcbway.com

Buy a Nugget & Support the Show: https://hakcat.com
-----β˜†-----β˜†-----β˜†-----β˜†-----β˜†-----β˜†-----β˜†-----β˜†-----β˜†-----β˜†
Wireshark Vendor Lookup To...

β–Ά Play video
spiral breach
radiant jacinth
warm peak
tardy lion
#

Yup

warm peak
#

Yeah, it's fake, they take some screenshots of pictures you have sent, and make a collage to "show" they have info on you and make up a fake story about something like "this person did such and such sexual crime till someone died", don't feel alarmed by them, they won't actually do anything, just report them

radiant jacinth
waxen sage
burnt night
spring flicker
#

I have problem in linux fundamentals part3 help me plz

spring flicker
spring flicker
#

Why it happening? What should I do?

limber dove
#

I presume you are hosting a file on your own box and want to download it to the victim?

tawdry dove
little kernel
#

What’s a good channel to just ask general cyber security questions? I’m not really seeing one other than here and the general channel.

scarlet moth
little kernel
hoary nymphBOT
#

Gave +1 Rep to @scarlet moth

quick maple
bold coral
#

Is it ever possible to recover an old hotmail account by downloading the data leak data and cracking the password next to my account?

soft pier
#

@quasi turtle ⬆️

bold coral
#

I know thats the kind of stuff you arent supposed to talk about in most discords and I'm not spamming trying to ask for a how to im just asking is it even worth my time to try?

#

@soft pier nvm its not worth getting kicked over

scarlet moth
bold coral
#

I did before I posted here. I apologize I must have misinterpreted them, my mistake.
I'm not trying to steal someone else's account I swear its my own, actually the first one I ever opened back in an internet cafe in 2005 to play runescape many years ago. Kind of just venting really. nothing unethical here. I realize there is no way to convey this forbidden knowledge with the assurance it would be used for good and I accept that.

smoky mortar
waxen sage
# bold coral I did before I posted here. I apologize I must have misinterpreted them, my mist...

Can you retrace your steps? Did you reuse passwords back then, or have a pattern where you could use other known accounts you made around then to guess? If you know what grade or where you were when you made the account, maybe you had a favourite pokemon or something. Sometimes I have to retrace but isally does not work unless it was old enough to be when I would reuse... really annoying to do password reset and it says I cannot reuse passwords or I later find my note for the password and it then seems obvious.

deep rapids
twin ridge
deep rapids
twin ridge
#

Also be nice

deep rapids
#

No you

#

I got fornite battle pass

twin ridge
#

Sure why not

velvet otter
#

When a $1 from 10,000 people makes a world of difference

quasi turtle
frail rapids
#

are there IoT privacy certifications/standards for vendors?

#

I just audited my own network and realized there's waaay too many IoT devices connected to it, specifically by chinese vendors

burnt night
frail rapids
#

ahhh thanks

#

I tried googling ofcourse but I couldn't find any proper results, perhaps I used a wrong keyword

bold coral
hoary nymphBOT
#

Gave +1 Rep to @waxen sage

granite yoke
#

Need a project to put on my portfolio and do on the side for fun. Looking to be a SOC analyst. Any ideas?

tawny egret
#

My head hurts from learning KQL. I miss the simplicity of python.

fathom panther
tawny egret
fathom panther
#

ah yea, sentinel

wispy holly
mortal venture
#

Why is axelos ITIL so boring. I read one sentence and i want to go to sleep.

#

Its more boring than english composition

serene trench
#

Ah yes ITIL KEKW

mortal venture
#

Ive read like 10 pages in the past month and i have one month left to completeNotLikeThis

serene trench
#

Oh are you self-paced learning? When I got ITIL certified work just had a training provider come in for 3/4 days and then we had a day to study for the exam

#

My colleague at the time literally fell asleep during the training KEKW

#

It's actually quite an important thing but yeah damn if it ain't dry as hell I don't think I'd be able to study it online I'd need to be sat in a chair and spoke to

mortal venture
#

Yeah its just a 200 page book i have to read. Its supposed to take "10-12 hours" but its the worst. At least they gave us some dion and cyber vista tests

river ocean
#

@raven copper heya dude, would you mind DMing me as I have a couple questions I’d love to ask you about your post in #jobs-board however I might have ended up in message requests πŸ’–

wispy holly
#

Now I pray I never have to read an ITIL book again 🀣

elfin lagoon
#

Pls anyone to assist me here???. I am in the vulnversity room and I locate a directory to upload form at first but after then the link won't come up again saying unable to connect... I have bn on this for days pls help... http://<ip>/internal

tawny egret
#

Microsoft not using weird names for their security solutions is actually making it more difficult to study stuff. T_T

tawdry dove
waxen sage
tawny egret
jovial yoke
granite yoke
hoary nymphBOT
#

Gave +1 Rep to @jovial yoke

wispy holly
jovial yoke
granite yoke
jovial yoke
granite yoke
#

I apologize for all the pings/questions

jovial yoke
granite yoke
hoary nymphBOT
#

Gave +1 Rep to @jovial yoke

pure shadow
#

Anyone recommend any labs for Pen-300?

odd robin
spring flicker
#

"username=FUZZ&email=x&password=x&cpassword=x"
Help for ffuf in this type I can't understand because that example we have Username, email, password, cpassword section.
But what if we have only login and password section, what this code look like?

radiant jacinth
#

Hello, If i want to use WSL2, do i install Openvpn inside WSL2 or start it outside of WSL2

burnt night
burnt night
radiant jacinth
#

ok

#

i get error now unablew to connect

#

and the script wants to find my config file

burnt night
#

Make a proper VM with virtual box

#

Or VMware Player.

radiant jacinth
#

have done that

burnt night
twin ridge
burnt night
twin ridge
#

I only had issues when it wanted to muck with iptables

#

Like sshuttle

civic rootBOT
#

Done!

quiet epoch
#



maiden nexus
burnt night
maiden nexus
#

Did you make ur own with the router or do you use one of those subscription ones?

burnt night
#

What do you mean?
The tryhackme VPN is different

maiden nexus
#

Oh that never mind lol

odd turtle
#

Can anyone suggest some basic machines

quick maple
#

I like to go to practice, then sort by popularity, difficulty, and free or subscription depending upon what you have

odd turtle
#

Tnqs brohh

odd turtle
#

πŸ‘

burnt night
#

@jovial yoke please don't post links to join rooms when they haven't gone through the review process

south bridge
#

hey, me and my friends just started doing some cfts and we want to start practicing together, what do you guys think is the best ways for ctf teams to practice together?

hard zephyr
spring flicker
#

Hello everyone ! Currently I am learning burp suite in tryhackme.
I have problem, There is no user options and Project tab in my burp suite community edition. I don't know why. How can I fix this?

rustic heron
#

if you use a very recent version, i think it moved to a settings window which can be found by this settings-cog symbol

vital anchor
#

Hey guys, im like very very new to cyber security and hacking in general, can someone give e a rundown of what a ctf actually is? I saw this on another cyber security discord channel but what was posted just blew my mind because there wasnt actually an explanation as to what was going on πŸ₯²

odd acorn
tawny egret
vital anchor
#

ok, so thats on the website as opposed to the discord then, right? i had a look on the recent release channels and found a room but im not a subscriber yet so didnt have access πŸ˜› I'll have a dig around when i get some spare time andy maybe subscribe for full access as im currently sat at work bored out of my mind 😒

tawny egret
#

Easier CTFs give more details on what you need to do. The "real" CTFs give you as little info as possible. but you don't really have to worry about that right now.

vital anchor
tawny egret
#

Lots of free rooms to do. Don't worry about the ones that need subscription.

vital anchor
tawny egret
#

I was able to do a lot of rooms and I barely have a job

spark sun
#

We don't help with CTFs here

gleaming lion
spark sun
# gleaming lion where can i find help?

Not here. Specific CTF events often award prizes, and it would be unethical for us to help as it would be cheating. If you can explain where this challenge is from, maybe we could make suggestions.

gleaming lion
#

I'm joining a beginner friendly CTF with no prizes. Just trying to learn more about it.

spark sun
#

which CTF?

gleaming lion
#

firebird internal

#

first time joining beginner ctf, thought i could complete a few tasks after practising in picoCTF. Turns out quite challenging for me actually 🀣

spark sun
#

Good luck then! But it's still a competition and having non-team members contribute to your answer would be cheating.

nova sundial
#

what do i do

burnt night
#

#room-help please, this channel isn't for room help

zinc rock
#

i was just wondering if anyone could help,

currently, I can only run my kali linux and metasploitable on NAT networking mode, and they both have the same default virtual box assigned inet ip address so nmap doesn't return anything.

A tutorial I was watching changed both their networking mode to bridged in the VM to get both the kali linux and metasploitable having the same IP as the home router, and when they did nmap, they were able to get information about their devices on the home network.

I am also trying to follow this, however, when I change NAT to bridged mode in my VM, and run ifconfig on the metasploitable box, i am unable to ping websites and I also do not get an inet ip address like the person in the tutorial does. Instead, the inet and inet6 address gets replaced by an ether address or something.

zinc rock
#

this is on NAT mode, and its all good

#

this is when I am on bridged mode

#

and I am on wifi, and do not use ethernet, and i made sure to set the bridged adapter to the correct wireless adapter

#

so why do I not get an inet and inet6 IP address assigned by my router, and instead get an ether address?

spark sun
#

One of the networking options in vbox is shared nat. The default nat is a unique per VM network.

zinc rock
#

oh ok. do u know how I make it so I can connect to my home network using the metasploitable

#

wait

#

i found that apparently you cannot bridge to a WIFI adapter because Virtualbox can't do WIFI authentication.

#

is this true, because coincidentally the person in the tutorial was on ethernet

#

and since im on wifi that would make sense

#

the interl wireless is my host machine adapter

#

so im assuming the VM cannot also share that adapter?

fathom panther
#

It should work

#

I tested it out a few days ago on Virtualbox 7

zinc rock
#

hm its weird but it doesnt for me

#

is your host machine also connected by wifi @fathom panther ?

fathom panther
#

Yea

burnt night
zealous kite
#

hey guys, im really enjoying getting prepped for my OSCP, aiming to take it in approx 10 months time, however as someone outside the industry/no indutry experience im finding the rise of AIs like chatGP

#

like chatGPT are really knocking my motivation to keep learning, especially knowing gtp4 is just around the corner etc etc. Is anyone else in this boat? Will gaining the OSCP and the skillset/knowledge involved essentially be moot in 12 -24 months? I know there arnt answers but keen to hear opinions and if the rise of this new tech is hitting the motivation of any other newcomers to the field?

#

i cant get over that this might be an incredibley bad time to get into tech/IT/info sec due to the rise of these new technologys

south inlet
#

AI is dumb.

#

Sure it can do lots of things of things fast, but it's not correct the majority of the time.

zealous kite
#

I agree but current iterations wont remain static right, and i mean even GPT3 can correct its cod\ing mistakes through a "dialogue" with the operator

#

i think its going to turn alot of skilled work into semi skilled work, and decimate alot of white collar positions in all honesty

#

just wondering if anyone else is finding it affecting there motivation though to be honest? I'm going to keep going regardless, but damn, it's come at an annoying time

#

this is it, we really are at the early stages of a civilisation defining technological revolution

#

its definitley made me lean more heavily towards my medical and lockpicking skillset

burnt night
#

ChatGPT is especially oversold by people who don't understand the massive flaws

zealous kite
#

i mean i guess its not current iterations im really worried about

burnt night
#

You know what they say about predicting the future.

zealous kite
#

but I do think its going to have a massive impact on job markets as a whole going forward, of course there is alot of media hype and such

zealous kite
burnt night
#

No. They say it's a fools errand.

zealous kite
#

"Artificial intelligence model predictions from historical data on how AI research would develop over five years matched reality with more than 99 per cent accuracy "

burnt night
zealous kite
#

I dunno I think if your in the industry already there is alot of room for leveraging your experience and adapting, maybe im just buying into the hype to much but as someone trying to break in it's a little demoralising, im going to keep going on regardless

zealous kite
zealous kite
#

I'm really interested in hearing other opinions on this to be honest, not trying to be argumentative or facetious

twin ridge
#

I don't think AI can replace the engineering required in proper software design, yet

#

Well I say AI, but I mean ML

zealous kite
#

but to be clear im not just talking about chatgtp3, im interested in opinions of what the impact of future iterations of similar technologies might be on the industry and job market

zealous kite
twin ridge
#

Also it cannot produce anything truly novel. It can only derive from it's training set

odd acorn
#

Hey, sorry, we don’t do this here

radiant jacinth
#

Hey my bad, I didnt mean to go against guidelines if thats what happened

radiant jacinth
hoary nymphBOT
#

Gave +1 Rep to @odd acorn

radiant jacinth
#

Another flaw I noticed with ChatGPT is most of it's cut-off of information is from 2021

odd acorn
radiant jacinth
#

Yes, if you read the front page, it states that any info after 2021 is limited.

radiant jacinth
twin ridge
radiant jacinth
scarlet moth
#

I'd like to see what french tacos look like

#

I've seen brit enchiladas which is a bit of a shock as well 🀣

#

oh french taco... those look like crunch wraps without the crunch... I've made those

twin ridge
scarlet moth
spark sun
scarlet moth
spark sun
scarlet moth
#

the recipe for this one calls for 1 tsp of chili powder 🀣

image.png
#

but 1 tbsp of brown sugar

spark sun
twin ridge
scarlet moth
#

i'm just gonna say no sweetener goes into enchilada sauce

spark sun
#

I don't get the marinara on echiladas though

#

at all

twin ridge
spark sun
#

why would you want that?

scarlet moth
#

the amount of tomato sauce in enchilada sauce should be pretty minimal

twin ridge
#

Fair

#

But as a non-mexican, I haven't a clue πŸ˜‰

spark sun
#

I am also not hispanic

twin ridge
#

Yeah but you live in an area with a sizable population thereof

spark sun
#

also true

twin ridge
#

I never have πŸ˜‰

#

Too cold in the frozen north

spark sun
#

Canada is actually one of the most popular routes for extra-legal population migratory purposes

#

Several years ago, vancouver into WA state was more popular than river crossings in texas

twin ridge
#

Yeah but they don't stay in Canada

scarlet moth
#

I am Mex American so yeah I can criticize enchiladas but I also know that ingredients aren't always readily available in other countries

spark sun
scarlet moth
spark sun
burnt night
spark sun
soft pier
#

think that is leek and not onion but what does shadow knnow

scarlet moth
#

it is green onions

#

I mean I'm pro green onions so not gonna complain about that...

twin ridge
#

I use a spoon myself

spark sun
twin ridge
#

That is quintessentially british

burnt night
#

Oi

twin ridge
#

Wonder if she knew about the pit?

radiant jacinth
#

Cannelloni

plush sleet
#

hello everyone

#

is anybody Soc

raven copper
vital anchor
#

am I the only brit who just lives off sandwhiched everything and snickers then?

serene trench
vital anchor
# serene trench what are you go-to fillings in your sandwhich

Well i had a lovely bacon and smoked cheese toastie this morning with brown sauce for dipping. Go to sandwich is actually a Homemade sweet chilli chicken wrap.

  • cooked chicken breast, diced
  • 80g lightest mayo
  • 15-20g clear honey
  • 30g sweet chilli sauce
  • 1 tbsp smoked paprika
  • mix well, add chicken, mix again
  • place mixture on wrap
  • air fry 200Β° for 2-5 minutes depending on preferred level of crispiness πŸ€—
odd acorn
#

Disappointed that you didn't say cheese and onion walkers

primal grove
hollow bluff
#

Hi dudes
I am a newbie in cyber security. I want to embed a webhook script in an html code. It didn't work when I wrote it directly as a script.
How can I do that ?

south inlet
twin ridge
south inlet
#

Or pickled onion.

odd acorn
south inlet
twin ridge
#

Omfg wtf Britain?

south inlet
odd acorn
#

Hydra, this is 90% of brits childhood

twin ridge
#

That explains a lot of things

spark sun
south inlet
#

Pickled onion or tomato ketchup.

twin ridge
#

@spark sun quarkus is driving me mad 😦

spark sun
twin ridge
#

I mean it's mostly kotlin causing the issues I think

#

Because it's working as advertised with java

spark sun
#

hmm

#

isn't kotlin supposed to be a better language to interact with the jvm?

lilac kayak
#

mmm Chicken & Waffles is the BEST. If I'm at a restaurant and see that on the menu... I don't even look at the rest of the menu

twin ridge
spark sun
twin ridge
#

My mongo ids were being incremented by one in the db

#

Vs what was specified

#

Probably the serialization being dumb

#

Maybe it would have worked with Jackson

spark sun
#

Please don't advertise here.

solemn cove
#

I just wanted to help the THM community as I myself like doing cybersecurity, no worries though

spark sun
#

Rule 3 is the relevant rule - if you are making money from it, it's advertisement/self promotion

#

If you join and immediately advertise, we pay a lot more attention to it.

frail rapids
#

holy crap

#

I'm listening a podcast of a dutch journalist who talks to different types of real cybercriminals e.g. phishing folks, cash cow folks, malware developers, game ddos'ers, et cetera

#

I'm honestly surprised how many folks are my age and how dumb they are

#

"a vpn and encrypted drive will prevent the police from arresting me"

  • a dude who sells and dumps databases bruh
lusty locust
#

It's great if you have the capacity to ignore lot of stuff.

solemn cove
mortal venture
#

!docs vpn

deft fossilBOT
#
TryHackMe
That topic does not exist!

Use !docs to list all of the available topics.

From TryHackMe with ❀!
mortal venture
#

uuhh anyone know what the vpn troubleshoot thing is

#

i have found, disregard

mortal venture
#

hey would anyone be able to help with openvpn. It is enabled and started yet not tun0 interface is being created. I've done a bit of looking around but I am at a loss

burnt night
#

Assuming it's the THM VPN

mortal venture
#

I shall reallocate

analog plover
#

Bonjour,

Je n'arrive pas Γ  copier coller mon shell.exe sur la machine Windows de la question ' CrΓ©er un shell Windows Meterpreter 64 bits Γ  l'aide de msfvenom et tΓ©lΓ©charger-le sur la cible Windows. Activez le shell et attrapez-le avec le multi/handler. ExpΓ©rimentez avec les fonctionnalitΓ©s de cette coque.'

Comment faut-il faire pour copier coller mon shell.exe svp? j'utilise la machine attack the box

#

Good morning,

I can't copy paste my shell.exe to the Windows machine from the question 'Create a 64-bit Windows Meterpreter shell using msfvenom and upload it to the Windows target. Activate the shell and grab it with the multi/handler. Experiment with the features of this shell.'

How do I copy paste my shell.exe please? I use the machine attack the box

twin ridge
#

redirect the output to file and upload the file

#

also, Just English is fine πŸ™‚

frail rapids
#

reading case law reports related to cybercrime is interesting tbh

#

feels like a giant rabbithole, as much as hacking itself

#

additionally, you get a load of gloating (/s)

rotund leaf
#

Where can I learn something important

tawdry dove
rotund leaf
#

Penetration testing

rotund leaf
tawdry dove
rotund leaf
tawdry dove
#

THM is a Cybersecurity learning platform focused on penetration testing

bleak bough
#

internet doesn't work in any linux i install on my pc for pentesting. Can anyone help me plz plz plz.... I am using huawei wifi

twin ridge
#

hard to diagnose without more context

twin ridge
#

what are you trying to advertise here?

civic rootBOT
#

:hammer: king_aami.r#6059 has been banned.

silver imp
#

Hello Guys anyone using macbook air m2 for pentesting?
How is going on with the heat?

hollow sandal
# silver imp Hello Guys anyone using macbook air m2 for pentesting? How is going on with the ...

I looked into using an m2 a while ago for virtualization related work, I believe my experience is transferable to pentesting, I found out that many x86 tools didn't run in an adequate performance under UTM, that is because it emulates the x86 system rather than virtualizing it, however renting a cheap EC2 instance of windows proved to be quite effective for most things that UTM wasn't good at.
Personally I suggest you make a list of programs you wish to be using frequently on your mac then lookup the benchmark for each tool under UTM, that is to get a better understanding of the monthly fee you are going to be paying for cloud EC2 instances if you chose to go that route.

median vessel
#

I don't know if it is just me but I tried to verify the kali ISO files from their website but none of their checksums are matching up with what they have posted.

#

I tried calculating the hash through certutil from powershell, linux sha256sum, and gtkhash from linux.

burnt night
#

@hollow sandal Please don't post other discord servers, it's against the rules

mortal venture
#

hey Hydragrum is it okay if I ask a question about one of your walkthroughs? Or I can ask ninja, the creator of the room but i think Hydragrum would make more sense

radiant jacinth
#

Hi there guys
could anyone help me to get a free software of text into video

mortal venture
#

have you tried youtube or google

#

https://designs.ai/ https://www.synthesia.io/ https://www.veed.io/edit/20292a6d-084f-457c-a72c-d1e8ea29737e?source=/ found 3 for you

Synthesia | #1 AI Video Generation Platform

Create AI videos by simply typing in text. Easy to use, cheap and scalable. Make engaging videos with human presenters β€” directly from your browser. Free demo.

VEED - Create, Edit & Share Videos Online for free

Veed is a simple but powerful video editor, try our free video editor to, resize video, trim video add loads more!

radiant jacinth
#

Thanks a lot, but it does not work

#

what I need is a free software of text into video, I have create a script text via Chat GPT, and I want to turn this text into video.

odd acorn
radiant jacinth
#

for Youtube

odd acorn
#

Do you mean text to speech?

radiant jacinth
#

No text to video

#

I am sorry ,my bad

#

I need a free software of text to video

odd acorn
#

I'm not entirely sure what you mean by text to video. Could you elaborate?

radiant jacinth
#

πŸ˜†

odd acorn
#

What's the purpose of the software?

#

What is it supposed to do, and don't say convert text to video πŸ˜†

radiant jacinth
#

I am sorry, My English is suck

#

Exactly, convert text to video

odd acorn
#

Yes but that doesn't make sense

radiant jacinth
#

Sure it does

#

make sense

odd acorn
#

Not really

radiant jacinth
#

You do not know it yet

odd acorn
#

What's the end goal? What's the outcome?

radiant jacinth
#

the ultimate goal is that you can generate any sort of videos you like

#

you know what i mean

odd acorn
#

If you mean videos of text, yes

radiant jacinth
#

can you catch my drift

odd acorn
#

If you mean generating a video from a description, then no

#

I don't think there's any free tools out there that will generate a video from a description you provide it

radiant jacinth
#

OK, Fine, what about Dall.E 2.0

#

you say something, then it draft an image for you.

odd acorn
#

Yes

#

That's an image, not an entire video

#

And compiling a load of images in to a video from DALLE would be incredibly difficult, frustrating and complex

radiant jacinth
#

it can update itself

spark sun
#

Good luck writing that code.

radiant jacinth
#

you just do not think so@odd acorn

odd acorn
#

Prove me wrong πŸ™‚

radiant jacinth
#

that is your opinion

#

I can not , my English is suck, I do not even speak English right way

#

But, we got ChatGPT, let me check if it can prove you are wrong

#

πŸ˜†

#

Hold there for a moment, I will be back!

#

@odd acorn

#

Hello

#

@odd acorn

#

are you there

odd acorn
#

@radiant jacinth First, I didn't say it was impossible πŸ™‚
I said it would be 'difficult, frustrating and complex'

Second, please don't post text walls here, it floods chat.

radiant jacinth
#

OK

#

My rude

#

I am sorry , I would not do it again, can you forgive me just for this time

#

@odd acorn

#

Are you sleeping

radiant jacinth
#

Is there anyone who want to hire me, I mean offer me a job, I got CLP & CPP

#

Hi guys

#

are you guys sleeping right now

unkempt apex
#

yes

radiant jacinth
#

OK, what sort of job, Mr or Miss @unkempt apex

potent lance
odd acorn
mighty echo
#

I thought they wanted a tool that would literally produce a video of text - not something like dalle lol

winged rain
#

Ask dall e to make you a flipbook

quasi turtle
#

iirc some people are using Stable Diffusion to create videos but its more like burner says, it's really a flipbook / stop motion kinda thing. i've not looked too deep into it

winged rain
#

Technically all videos are flip books it's just how fast the flips are going

#

Wait

#

No you also need a certain number of pages for every flip

quasi turtle
#

I know what you mean haha, just want to emphasize the stop motion type of video it will be

#

stop motion also isnt really the right term

#

Anyway they can read the readme if they wanna know how it works x)

hollow sandal
hoary nymphBOT
#

Gave +1 Rep to @burnt night

wanton plinth
#

Hey guys, I'm asking for a suggestion. What do you think is a better option between having kali on a vm running on ssd OS(windows) disk, and keeping it on an 128GB sd card and booting from there? Pros and cons?
Thnx for the help happyPanda

meager temple
#

hey @odd acorn
i need you for support desk, wanna ask something

odd acorn
meager temple
#

can i dm you?

serene trench
odd acorn
meager temple
#

my payment isssue

odd acorn
#

You need to email support, I don’t deal with these issues via discord

meager temple
#

hmm

#

already dealt with actually. but i want to know when my refund will be on my account?

#

any idea?

odd acorn
#

Up to 10 days

meager temple
#

understood, thanks.

wanton plinth
serene trench
wanton plinth
serene trench
#

sounds good πŸ™‚ have a good day!

left relic
#

hi, is there any discord channels that for security researchers who studies together

gilded hound
#

Anybody know how captchas work?

azure trench
soft shale
coarse wing
#

Hello guys I can't seem to download the OpenVPN config for the any room today......

It keep redirecting me to 404 page cannot be found

south inlet
#

Can you change server?

coarse wing
#

Ok thanks

coarse wing
#

It doesn't seem to work

south inlet
#

Did you try regenerate?

coarse wing
#

Take me through that process

south inlet
#
  1. Select a different server.
  2. click the blue button.
  3. wait 15 seconds.
  4. download.
coarse wing
#

Ok

serene kelp
#

Hello I’m trying to download the openvpn for wreath but keep getting error after changing servers too

south inlet
serene kelp
serene kelp
#

Anyone ?

twin ridge
hollow sandal
soft pier
#

nice

twin ridge
#

Grats

hollow sandal
#

Thank you. 😁

soft pier
#

you completed a room that tons of people think is broken

hollow sandal
#

I faced some difficulties with using Metasploit eternal blue module but updating it fixed the issue 😁

deft fossilBOT
#
DarkStar7471
Because I said so.
twin ridge
#

Fail.

winged rain
#

yes 😦

#

!dark

deft fossilBOT
#
DarkStar7471
Peace, dudes.
cursive marlin
frail rapids
#

Is it still worth calling the impact of a vuln RCE when it's based on TLS not being validated?

#

because IMO it reduces the impact greatly because someone would still need to change/mitm dns records

twin ridge
#

Makes it more effective behind corpo proxies

frail rapids
#

ah okay

#

am currently poshing a blogpost so I was kind of careful calling it RCE because I didn't want to be another JD0

twin ridge
#

Corps will have a mitm filter on internet traffic, so a lot of tooling just fails behind it

frail rapids
#

interesting - is that part of DPI?

twin ridge
#

yeah

#

it's a pain in the behind

#

I know ours changes the MITM certs out quite frequently so they can't just be added to the trust. Also Java....

frail rapids
#

can't trusted certs be automated in an AD environment though? assuming you're not using Linux

astral lark
#

I'm just over here happy to be 500 points away from 0MN1 and in the top 2% but I truly don't know if it's feat exactly? Like is it high enough to matter?

kind mural
#

Hello @autumn trout

autumn trout
kind mural
scarlet moth
#

we could say the same thing about Bee..

kind mural
scarlet moth
kind mural
scarlet moth
autumn trout
odd acorn
kind mural
odd acorn
#

Welcome back!

kind mural
#

πŸ‘‹

#

Thank you πŸ₯³

soft pier
#

???

kind mural
#

πŸ‘€

quaint basin
kind mural
#

?????

quaint basin
soft pier
#

sorry hollie shadow does not recall you

quaint basin
#

Or likely the vast majority of the other 167550 people in the server I would wager...

kind mural
#

167552*

quaint basin
#

Subtract two

kind mural
#

I don't recognise myself

quaint basin
#

Shadow knows herself, and already doesn't recognise you

kind mural
#

ah

quaint basin
kind mural
#

I thought you meant me not recognising people kekw

quaint basin
#

Speaking of, hey Hollie, how's you?

kind mural
#

Not so bad, just doing some stuff on proxmox, yourself?

quaint basin
#

Nae bad. Taking binaries to bits. Always fun.

kind mural
#

Binaries to Bits would be a good name for a podcast

quaint basin
#

Christ, don't give me ideas that'll make me more busy.

#

I'm already procrastinating my dissertation with OSED 🀣

odd acorn
#

Oh Muir, if only you'd make a podcast

kind mural
#

I made a Typo in my ZFS Pool and now its going to haunt me every time

image.png
quaint basin
kind mural
odd acorn
quaint basin
# kind mural How are you finding OSED?

Eh, it's good fun. Binex is my weak point just now, but I'm very appreciative of the case study teaching style. Was amazing on WEB-300, and it's amazing here. Learnt a lot.

#

Still got a long way to go with it. Just shy of half way through the materials.

odd acorn
#

Oh actually Muir, while you're here could you do me a.. small favour?
Could you add a ciphers check in the OpenVPN Troubleshooting script? πŸ₯Ί
(If you are still updating it that is, don't worry if not)

quaint basin
#

Uhhhhhhhh, maybe, if time
You may be better PR'ing that in for the sake of it being done sometime in the immediate future πŸ˜†

What checks are you looking for exactly?

kind mural
quaint basin
#

Aha, thanks. Yeah, some of it is painful, but it's all so beautiful. I love the neatness of a finished exploit.

odd acorn
quaint basin
#

What exactly are you hoping to check for?

#

Or, to rephrase, what should the cipher be?

#

Because if it's a single value you want then it's a really easy thing to add

odd acorn
#

If the output contains:

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

Run sed -i 's/cipher AES-256-CBC/data-ciphers AES-256-CBC/' *.ovpn

quaint basin
#

Okay, so that's probably doable, but it'll need some re-architecture

odd acorn
# 
testCiphers() ( if grep -qioE "OpenVPN ignores --cipher for cipher negotiations." $ovpnoutput;then return 0; else return 1;fi )

[...]

elif testCiphers; then
  sed -i 's/cipher AES-256-CBC/data-ciphers AES-256-CBC/' *.ovpn
  return 0
fi

Probably something like that, without the lack of input and missing lines?

quaint basin
#

You'd need to add a test case in there

odd acorn
#

Sorry, I've just hijacked the chat πŸ˜†

quaint basin
#

Yes

#

Exactly

odd acorn
#

Alright, I'll do a PR, thanks Muir ❀️

quaint basin
#

Np β™₯️
I'll trust you to test it first lmao
My VM that was setup for THM connectivity died when I shifted to my new PC

kind mural
#

Only way I can get metasploitable2 to actually shutdown is to stop it manually via proxmox shell which is frustrating.

odd acorn
spark sun
kind mural
quaint basin
mighty echo
#

When ℒ️

kind mural
spark sun
quaint basin
signal hull
#

Actual question: are there? I've only ever heard people recommend Darknet Diaries, and the only other one I've found to be interesting is Day[0] podcast. I don't listen to security specific podcasts very often, but I don't know how many I've seen that have lasted a long enough time.

#

Maybe most of them just aren't as good πŸ€·β€β™‚οΈ

spark sun
kind mural
# signal hull Maybe most of them just aren't as good πŸ€·β€β™‚οΈ

Most of them from what I have seen heard are interviews and not really much discussion but I also find that with cybersec discussion is fine but cybersec news isn't really podcast worthy unless its a big bug that has a lot of implications that can generate discussion. Even then its still a very niche audience that would enjoy that discussion as I find (my own experience here) that a lot of cybersec is more visual...seeing the exploit, using it yourself etc.

#

But also a fair amount aren't really that good either.

signal hull
#

That makes sense. I feel like a podcast just having stories from pentest/red team engagments, or putting a network together, etc. could do pretty well if the conversation was entertaining and flowed well enough, or just something similar to the discussions that already happen on Discord. But then again, the community is niche enough where I don't know who could pull it off feasibly.

#

A Muiri + juun podcast (and possibly other thm community members) would unironically be kind of good though based on the conversations I see here from time to time πŸ‘€

winged rain
signal hull
#

NDAs would probably be an issue for some cases now that I think about that one

winged rain
#

It doesn't have to necessarily be about the who what when of the engagement but general tools and methods used and like what obstacles had to be overcome etc.

fickle marsh
#

the vpn not stable to access ad lab , anyone same?

south inlet
#

Which one?

frail rapids
#

how can I prevent windbg from stopping at a ret?

image.png
#

I want g to continue indefinitely, like continue in gdb

glossy bison
#

hello everyone i have bought pen 200 (oscp) and i am doing pronving grounds play and practice before this i have done good amount of ctf machines on hacthebox i have experience and i will gave exam in 2.5 months so i want a partner to study with me but not beginner if anyone interested so please message me πŸ™‚

candid tartan
jolly wraith
#

I applied for a internship today and got it. But the it was a startup and the Guy was planning to create a stockmarket info website with 2 Interns within a month. Guess what, the two interns he selected were data scientists. πŸ’€ ( plus the salary he offered was 35$ per month!)

pure skiff
frail rapids
#

am I the only one who believes bug bounty programs are a bad thing

#

its a way for companies to get security testing for prices way below minimum wage in some cases

#

e.g. you spend 10 hours testing for xss and get 100$ in return

#

its not like blackbox bug bounty is a way to bullet proof an app as well

#

IMO there's a fine line between "hack me for money" and "report vulns to get money as donation"

quaint basin
twin ridge
#

also what Muiri said

spark sun
#

I don't think bug bounty itself is bad. I think the way almost every program is run is bad

burnt night
fathom panther
#

How is secure coding done in your workplace? Does a seminar take place for it for developers or security analysts and testers are included in the decision making process when a feature is being built

jolly wraith
quaint basin
burnt night
#

@radiant jacinth Hi, please leave that to the mods

waxen sage
jolly wraith
quaint basin
# jolly wraith A Experience Hunter will take lesser time than a Beginner in any type of bug.. I...

No, an experienced hunter will likely (dependent on other factors) take less time to find individual bugs than a beginner.
A complicated XSS may take an experienced hacker 10 hours to find, but a beginner 100 hours (or be virtually impossible).
Alternatively, a simple bug may take an experienced hunter longer than a beginner if they overlook it, overthink it, just outright don't see it, are heavily sleep deprived, blah blah blah.

Again, blanket statements are rarely correct, in this case they just make you look like an ass. Not every bug is the same. This is real life, not a CTF, or points in a video game. Some bugs are more complex than others, and the hunters are all human.
When confronted with the same bug, yes, you would expect an experienced hacker to find it quicker than a beginner, of course you would -- but to say that an experienced hacker will never take 10 hours to find a bug is just bullshit.

smoky mortar
peak skiff
#

Man that Upload Vulnerabilities room was a fun challenge task 11 kicked my butt pretty hard but happy I got through it!

restive hollow
#

hello can u tell me how u get reverse shell

#

oath breaker? im stuck sync 1 week

peak skiff
#

I can do my best bub. What task are you stuck on?

peak skiff
mortal venture
#

I know this isnt try hack me related but is anyone here proficient with cisco packet switcher? Im having quite a bit of trouble with some things and research on my own is coming up at a loss

real chasm
jolly wraith
quaint basin
jolly wraith
quaint basin
#

Your simple run-of-the-mill "put a payload in the search bar with little to no filtering" sure. Something more complex or chained may take a lot longer, regardless of your experience level. Yes, it will be easier for someone with more experience, but to say that it will never take an experienced hacker a significant length of time to find an individual bug is just patently false

jolly wraith
quaint basin
#

No, you said that (and I quote) a "noob" will take 10 hours to find an XSS but an "experienced one" will take less time.

#

Which is incorrect. A complex XSS may take an experienced hacker 10 hours to find, but an inexperienced hacker a lot longer

jolly wraith
jolly wraith
quaint basin
#

Correct. I don't disagree with the comparison. I disagree with the assertion that an experienced hacker will never take a long time to find a bug lmfao

quaint basin
jolly wraith
quaint basin
#

No, that might be what you meant but it's definitely not what you said

#

What you said originally can't be interpreted any other way than an attempt at an authoritative statement, no insinuation of comparison

jolly wraith
smoky mortar
jolly wraith
odd acorn
#

Just a reminder that this is quiet conversation πŸ™‚

smoky mortar
turbid vine
#

Can anyone recommend a free video editing software that's going to be relatively easy to wrap my head around?

signal hull
#

I use DaVinci Resolve. I think it’s easy enough to follow if you’re only doing simple cuts and edits, but I don’t know what your definition of β€œrelatively easy” is.

spark sun
#

I've had good results with KDEnlive on both linux and windows

turbid vine
#

I'll give them both a go, cheers guys

fallen radish
quaint basin
#

+1 for KDEnlive

#

Or OpenShot

mortal venture
#

Hey, sorry for the ping. A while ago i was getting into malware analysis and someone recommended a series for me to watch, it was either @twin ridge or @spark sun. It was a long time ago. It might have been ninja but someone here recommended a person i should watch to help dip my feet into mal analysis. Do you guys remember who it was?

winged rain
#

do you remember what channel it was in?

mortal venture
#

i treid although it was on my phone lol i can try again. And I do not, it was a very long time ago

spark sun
glossy apex
#

s

fathom panther
mighty echo
#

Am I right in saying that when you use a VPN, your traffic goes from your device, to the router which then routes it to the VPN servers who then make the request to whatever your trying to access and return the results (encrypted) back. Except that the data you send to the VPN provider through your ISP is encrypted so only they can decrypt and then make the request you want without your ISP seeing what you want?

image.png
cyan topaz
# mighty echo Am I right in saying that when you use a VPN, your traffic goes from your device...

if you're using VPN, then your PC is considered a VPN client and it'll encrypt your data using public key of VPN server before sending it anywhere

after encryption, your data packet will go through your router, then through your ISP and then to the VPN server

your data will be encrypted while it travels to the VPN server. what's also going to be encrypted is the destination IP of your packet which means that ISP will only see that your router is sending a packet to the VPN server (even if your real destination is somewhere else)

after your data arrives at the VPN server it'll be decrypted using VPN server's private key

what's also going to be decrypted is the destination IP of your packet which will let VPN server know where to send the packet next

the VPN server will also form a table (similar to NAT) so that it knows how to send the packet back to you after it comes back

mighty echo
#

Thought so, thanks :)

radiant jacinth
#

red laser dots for cats are the greatest invention ever !

#

innovation that matters blobfingerguns

fathom panther
#

Are MITM attacks still relevant (outside AD attacks like LLMNR poisoning, relaying, etc.) ?

winged rain
#

I'd say evil twin attacks are still somewhat relevant

forest elbow
#

Hello, I have a Question. Any alternatives to NIST Risk Management Framework?

smoky mortar
spark sun
#

at least NIST is fully distributed for free from the us gov NIST πŸ™‚

soft pier
#

does mitre have a free option too????? for that purpose