#quiet-conversation

frail rapids
#

its a defcon group from ukraine

soft pier
#

hmmm yeah looks safe enough after checking their website a bit

frail rapids
#

Yet, they don't poison x-forwarded-for

#

a tad cringe to use their server ipv4

regal jetty
#

tfw you go to someone's webserver and they don't even have an X-Clacks-Overhead

frail rapids
#

TIL that's a thing

dusty sleet
#

I am this evil

twin ridge
#

That's cute

#

24446666668888888 is also evil

dull dove
#

1 two, 3 fours, 5 sixes and 7 eights vs 12345678

#

That truly is evil

frail rapids
#

Just had a discussion with a professional web developer about CORS

#

the dude thought that CSP was CORS PepeLaughPoint

dusty sleet
#

wat a prof

#

imagine not knowing wat cors is

#

🀏 kekw

twin ridge
#

Tbf CORS is a pain

dusty sleet
rapid summit
#

It’s a good time to quit.

frail rapids
twin ridge
#

Smoking bad. Thanks for coming to my ted talk

regal jetty
gray jetty
#

why not just base64 encode "password" and be done with it

regal jetty
#

Oh no sorry I forgot I changed it the other day. Now it's "OscarZeroMikePapaTwoNinerEchoBangFiveTwo"

frail rapids
#

How does this open the control panel?

#

Does it have to with the extension?

short elk
#

@summer verge hiya :D i’m confused here, why it’s del and not al?

#

and this instance is al

regal jetty
#

He's more literally saying the hospital is "a short distance from ..." but such things are often reoriented in a proper translation

short elk
#

ohhhh that makes sense now

#

what website is that?

summer verge
short elk
#

but the image that charlie sent above clears it up, a short distance FROM THE which now makes sense to me to use del

regal jetty
#

es.wiktionary.org specifically -- you could look up 'cerca' on en.wiktionary.org, and this English Wiktionary has a substantial entry for 'cerca' in the 'Spanish' section that does nothing to clarify the usage lol

short elk
#

hmm i might need to set mine to spanish

#

ahh yeah lol i'll go to es version now

#

sweet i think that'll help a lot in the future thank you both 😌

tawdry dove
#

@burnt night @smoky mortar

steel saddle
#

$600 you can find a decent card , not the latest but i think you can do almost all rendering jobs you have

burnt night
#

@pliant thunder No.
Begging is not appropriate here.

tawdry dove
#

Gracias James

steel saddle
#

me , thinking they were looking for help with graphic card 😅

winged rain
#

Back in grade 8 we started a GoFundMe for one of our friends to get a PlayStation

#

We got like 5 dollars

#

Wait I might have the video we used for it

#

Some strangers sent us 5$ over this shitpost

frail rapids
#

I don't understand why humble bundle sells this vegan related content while the tech related bundles sell twice as much

hoary nymphBOT
#

Gave +1 Rep to @frail rapids

quaint basin
#

I'll be yoinking those

frail rapids
#

No problem kekw

quaint basin
#

Also, to answer your question: Because they see the nobility and importance of the cause and choose to try getting more people into it 🤷‍♂️

frail rapids
#

Ahhh, like that

burnt night
#

@quaint basin @quaint basin @quaint basin

#

Heavy metal vegan cookbook

quaint basin
#

Please tell me that's in the deal I'm about to buy

burnt night
quaint basin
#

Cool. I'm getting them all kekw

burnt night
#

I'm probably going to pick it up too

rapid summit
burnt night
#

No clue

spark sun
#

VBMC was a pretty entertaining channel back when it first started. I enjoyed the puns, such as "Heil Seitan"

rapid summit
#

And it didn't overdo its run.

rapid summit
#

oh my, it's more than ten years old 😄

twin ridge
covert finch
#

I think vegans have a noble cause, but I like meat

quaint basin
still maple
#

Are we crucifying meat eaters in here today? What a development lol

burnt night
still maple
#

In all seriousness though, I've come across plenty of amazing vegan dishes

covert finch
#

to an extent

#

there are a bunch of very tasty vegan meals, but meat is a crucial part of my diet

quaint basin
#

Enjoy

covert finch
still maple
#

Very passionate I see, nothing wrong with that. Make this yourself? Looks nice and easy to navigate!

quaint basin
#

Nah -- I just keep a shortened link handy because I can never remember the URL 😆

#

That answers most of the questions / arguments I ever hear. Saves me repeating myself

still maple
#

fair enough

covert finch
#

is this what you were directing me to?

quaint basin
covert finch
frail rapids
#

Man I just peeked at low level C++ code I wrote in august for... things... and it's horrible

#

pointers statically defined as variables in classes where they're used

#

oneliners, custom function signature parsing, etc

#

I think I'm going to rewrite it

still maple
rough valve
#

I'm finally a WIZARD baby!

smoky mortar
rough valve
#

so I'm OMNI lol

#

at least I upgraded so lemme vibe again

#

look at my puppies!

mortal venture
#

hey im having some trouble installing literally anything. From my research it looks like my source list is the issue but even after clearing it and running sudo apt update && sudo apt upgrade i cannot seem to install any packages. I have been messing around with my system trying to properly install / build and configure a few programs, if that helps at all.

#

here are the few errors i keep getting

#

E: Package 'git' has no installation candidate this is the error i get trying to install any package at all

#

please ping and thanks for any help in advance

spark sun
#

If you've done installed any PPAs, they may not have an update for the current kernel version you have installed. Look into using the dpkg and dkms tools if you haven't seen them yet

mortal venture
#

ah thank you ill look into that

#

that is what i did at some point, i kind of just followed along some documentation for installing a program without fully understanding what i was doing so ill look into it. thanks again

mortal venture
frail rapids
#

What kind of RF signal is this?

#

and how can I decode it to digital/binary/serial data?

dusty sleet
regal jetty
#

Just from the pattern it reminds me of GSM interference, I don't really know but I'm posting anyway cause it'll be funny if I'm right

frail rapids
#

Alright

rough valve
#

Yeees! I'm finally OMNI 🎉

dusty sleet
#

hooray

winter pendant
#

Slightly more expensive, but worth it.

#

Taste exactly like normal hamburgers, with the same juicy texture, only difference is that they aren't made of meat ^^

winged rain
#

You can't just take eggplant and call it a burger that's not how it works

winter pendant
#

huge difference

scarlet moth
#

the new Gardein ultimate burgers are so meaty, I don't think I can eat them again...

#

like I didn't care for beyond burger, had a weird taste

burnt night
winged rain
#

Oh well look at my ignorance

winged rain
burnt night
#

Impossible is a separate company doing similar things

#

Still not a slice of eggplant

winged rain
#

No no I remember now

#

It was A&W

burnt night
#

Still not eggplant, but yeah that's a Beyond Burger

winged rain
#

Whatever it was it didn't taste very yum yum

rapid summit
#

I've had meat burgers that weren't really good.

#

I've had excellent ones made with Beyond, and at best mediocre ones as well.

frail rapids
#

I hope another humble bundle drops today

#

hopefully tech related this time

#

2 bundles expired yesterday and 1 bundle got added

#

I'm thinking about picking up the math bundle for 15 dollars but it's a tad expensive

hoary vale
#

I still haven't read the books from the last bundle I got lol

#

except the hack like a ghost one or whatever it's called, that one is good so far

frail rapids
#

Same kekw but I like to collect them in case I have spare time in the future

#

I'm currently at page 100/250 of cyberjutsu

hoary vale
#

I like to use them as in-flight reading when I'm traveling lol

#

I'm going to florida saturday, will probably read a sec+ study guide or something

frail rapids
#

Sounds interesting. are you going to take the exam or are you going to study it because the material is worth a read?

hoary vale
#

I'm planning on going for Sec+ and maybe PenTest+ at some point this month.

rapid summit
#

traveling, what's that?

still maple
hoary vale
#

I've got a PEN-200 (OSCP) exam voucher due in February pepe_laugh

#

My sleep schedule is in danger

still maple
#

jesus then the OSCP?

hoary vale
#

then failing the oscp yes lol

still maple
#

holy camoli

hoary vale
#

I might get a lab extension for that one though

still maple
#

lol. Hey at least you experienced what it was like so the next time you go for it.... it won't be as intimidating lol

#

All I have is the Project+ and CYSA+ coming up

hoary vale
#

ah nice, good luck!

#

Project+ is the management one isn't it?

still maple
#

yuppers

#

This soup is fantastic ( Ignore the detox buzzword. Silly people)

rapid summit
still maple
#

lol yeah, I ran across it before doing my grocery shopping a couple days ago and rolled my eyes but it looked pretty good so I tried it and it was ha

full roost
#

awww man, i love lentil soup

frail rapids
#

Is infosec still in a job shortage?

tawdry dove
#

You mean manpower shortage? Yes

#

Cyber will be understaffed for years to come

frail rapids
#

Ah

#

I was wondering because software development makes apparently more money while infosec should be harder and I've never heard anyone talk about a shortage of manpower in swdev

rapid summit
#

There definitely is a shortage in sw dev as well.

spark sun
#

Agreed. manpower deficit in cyber gets talked about more, because it's a much larger deficit than dev.

rapid summit
#

And I wouldn't say sw dev makes more. It makes more in top paying companies for sure.

tawdry dove
#

Feel like SW Dev gets talked about more salary wise too. Tons of YouTube channels and bootcamp ads

rapid summit
#

Even folks from the remote corners of the world like me get recruiters to reach out for them. 🙂

tawdry dove
#

Also feel like it's more common to start in SW than it is to go straight into Cyber, which results in it making entry job lists more

spark sun
#

I think dev is also more immediately accessible than security. SDLC is just one domain, and devs don't really touch network or infra unless they specifically seek it out

tawdry dove
#

Better wording than mine lol

rapid summit
spark sun
#

That's also true. A good dev interview demonstrates the candidates ability to reason and problem solve, not necessarily that they get to a perfect answer

#

Too many devs, I think, focus on getting 100% and not hitting that 80-85% good enough to move on to the next thing

rapid summit
#

Reason, solve the problem and tell what they're doing

spark sun
#

Yeah

#

That last part is what I see tripping people up more than anything else

rapid summit
#

The bootcamps concentrate on the leetcoding part 🙂

#

A fun case I heard about was a hiring manager wanting to get someone hired for their special skills, but they couldn't, as the person wasn't good enough in the hiring game. The role itself didn't require certain aspects needed in the hiring process.

twin ridge
#

devops!

spark sun
twin ridge
#

I suck at interviews 😦

rapid summit
#

I guess that's something you have to practice for.

#

Expert advice from someone that has been working in the same company for 10+ years 😄

twin ridge
#

yeah I'm bad at that too...

dusty sleet
twin ridge
dusty sleet
gray jetty
#

wish windows machines(THM ones) wouldn't be so laaggyy/glitchy to use!
Its a drag when there's a complete room to be done exclusively in a windows attackbox

regal jetty
frail rapids
#

I have premium and it's still an absolute pain

#

I wish the admins would allocate at least double resources for the windows attackboxes

#

considering it's probably a small percentage of active attackboxes I wouldn't see why not

#

would make a huge difference in UX

urban sonnet
#

Windows is what lets thm down, between resourcing and boxes dying after 1 hour it really does act as a deterrent

frail rapids
#

The thing about #feedback-and-ideas is that you can't discuss feedback and ideas with users so you can elaborate etc. I'd like something like discords' feedback forum for THM

#

Actually, I guess I'll throw that into feedback as well

odd acorn
#

Problem with the feedback chat is that staff aren’t active enough to be able to keep up with the chat and having to comb through it constantly is time consuming:)

mortal venture
#

It’s a long one and gotta zoom in but I feel like Muir will enjoy this one

quaint basin
#

There's supposed to be a solution incoming, but 🤷‍♂️

quaint basin
hoary nymphBOT
#

Gave +1 Rep to @mortal venture

mortal venture
#

rip

regal jetty
#

Oh, license on boot, is an EC2 thing I guess? I played with workspaces but not sure if they have seamless licensing or what

quaint basin
regal jetty
#

Is exporting the images ever going to be a viable option? I'd be willing to run (my) sims on my own stuff if there were some way to authenticate... Or supply perms on my AWS assets? The logistics are probably a pain tho

#

But if a fraction of people had a way to take on their own resource load maybe it could help

  • swag shop when? :v
twin ridge
#

!shop

deft fossilBOT
twin ridge
#

swag^

mortal venture
#

@celest cairn sorry for the ping but you were helping me in general earlier :/ can i just manually add this link to my sources file? or is not how this works?

#

curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/security_zeek.gpg

#

i keep getting a bunch of binary instead and i would really love to not get a bunch of binary 😦

#

wait this isnt a PPA anyways, sources file is incorrect. Can i manually add this as a trusted GPG?

mortal venture
#

the middle command is whats doing it. the dearmor

twin ridge
#

Dearmor transforms the key from an ASCII format (i.e. base64) to its usable binary format

radiant jacinth
#

@serene trench What's covid like man just asking because someone close to me has it

#

If you don't mind telling?

twin ridge
#

it depends on the person and vaccination status and 3000 other things, I got it super mild, almost asymptomatic

#

like I had sniffles for a week, and that may not even have been due to covid

visual breach
#

on the outside, it's like a bad flu. On the inside, it's quite nasty, eating your lungs. You think "gosh, I'm just winded a bit easier" and you don't realize "that's because there's not enough oxygen in my blood because my lungs are dying". Whether your lungs will heal themselves is apparently a guess and doctors apparently have no solution if they don't, which is why people keep dying.

radiant jacinth
#

I still find it puzzling that I experienced cold sweats and I had to change shirt twice because both were damped in sweat! 😄

visual breach
#

I was basically, exhausted and sick for a week, getting nausea after each meal.

twin ridge
visual breach
rough valve
#

Wassup! When I pressed the Share Room Badges button nothing happens, I mean I get a darkened screen and that's it, any help plz?

pulsar coyote
#

I got it a few weeks ago and had only cold-like symptoms (headache, burning eyes, runny nose, bit of a rough throat) for a week. But I was young, healthy and vaccinated twice.

radiant jacinth
rough valve
#

yeah I know but it doesn't appear

#

see? nothing happens

frail rapids
#

I hope another humble book bundle will release today

#

hopefully tech related

#

two are leaving tmr two left monday

radiant jacinth
#

Isn't it vegan food cookery books?

Or do they release more than 1?

frail rapids
#

they usually release tech books, cooking books and gaming books

scarlet moth
#

applied mathematics looks fun

frail rapids
#

Most commonly, a sensor is a monitoring device on a tap, T-split, span or mirror port that ...

#

what's a T-split?

#

Is it something like this, but with ethernet cables or whatever?

tawdry dove
#

A T-split like they do with cable?

#

But yeah, a T-split is a physical split of the cable

burnt night
rough valve
#

it's a little bit difficult to install one on someone's network in a stealthy way lol

#

for example, during a pentest

rough valve
#

wdym?

quaint basin
#

It's amazingly easy to get access to networking equipment if you wear a high-vis vest and a hard hat, then ask someone completely non technical for the key

#

Heck, that's outright unnecessary half the time.
I've been on pentests for small-ish companies where all the equipment has just been in one unlocked cupboard at the back of the office. No one even notices if you nip in to check something or in the case of one of my supervisors, plug stuff in

burnt night
quaint basin
#

True that 😆
Big companies sometimes equals big cupboards

rough valve
#

that's physical intrusion lol

#

it requires to be a good actor lol

rapid summit
#

big companies employ a lot of different kind of people.

quaint basin
burnt night
rough valve
#

well, if you have physical access to a network device, boom!

#

you're in

#

no need to hack from the outside

scarlet moth
#

depends

quaint basin
#

Just means not forgetting to undo it...

burnt night
quaint basin
#

Oh, no, but we've never been queried doing it either

#

As in, by the general office staff, not the point of contact who obviously knows why we're there anyway

frail rapids
#

I'd be so incredibly nervous on a physical pentest

#

like imagine if you smile a bit while telling a lie to security to e.g. explain why you're in the building

rough valve
#

honestly I'd love to try a physical pentest

#

that's so freaking exciting tho

#

I like that feeling of "you screw one thing you're f*cked up"

#

but it has to be planned well

#

at the end, you'll go home like this

quaint basin
quaint basin
#

Exactly. Same thing applies in a regular red team exercise

#

Either way it's just a game that ends.

#

Unless you happen to be in certain American states

rough valve
#

lol I see

radiant jacinth
frail rapids
frail rapids
#

criminal mastermind lau here kekw

rough valve
frail rapids
#

well, planning, not doing it kekw

rough valve
#

hahahahahaha

short elk
#

shat myself

rough valve
#

RIP

regal jetty
#

Just think about how much security guards get paid, then you'll feel perfectly calm and confident that half of them hardly give a flying firetruck as long as there's not something they obviously have to deal with

pine iron
#

Just leave out the part that you’re testing their physical security as well

frail rapids
#

Ohhh that's a pretty smart strategy

twin ridge
#

it helps if you have a clipboard

rough valve
regal jetty
# twin ridge it helps if you have a clipboard

Blending in toolkit (combination but probably not all):

  • clipboard
  • walk fast
  • look irritated
  • inspect random equipment disapprovingly
  • write someone's name down pointedly
  • safety vest
  • hard hat
  • coveralls
  • white cargo van with amber cherry light (try parking on the sidewalk!)
  • road cones / caution tape
rough valve
#

just wear like a plumber and say to everyone you meet that you came to repair the pipes lol

#

normally, they would leave you alone

regal jetty
#
  • ask people what they would say ... they do there
winter pendant
#

or say that you're from their ISP and came to fix an issue with the network

#

and if you can, cause a minor issue at the same time, for example start a DNS spoofing attack which will make some sites inaccessible.

regal jetty
#

Oh, boy, I love Goodwill. I foooound an Alcatel-Lucent polo, AT&T, Verizon, Cisco, and the United Federation of Planets (can't wait to do that pentest) (3XL)

hoary vale
#

Goodwill is awesome

#

2/3rds of my wardrobe is probably from there

frail rapids
#

man

#

SANS sell overpriced courses and yet they take sponsorships

#

kind of like offensive security outsourcing customer support to the Philippines

tawdry dove
#

It's because you aren't supposed to be purchasing the courses yourself

frail rapids
#

That's not what I'm getting at, I mean that they should have enough money, right

#

why would they need a sponsorship

tawdry dove
#

Because what they do is an absolute plus for the community, even if they are a for-profit

#

R&D isn't cheap

spark sun
#

Sponsorship helps them focus less on sales and more on content.

regal jetty
#

They do have that work study thing where you facilitate the webex or whatever and attend free

#

moderate online training or work in-person events for ~$400-800/day discount*

frail rapids
#

Sheesh, still a lot of money

#

Although, I guess it checks out when you have hours of B2B training

frail rapids
#

In what situations would blue vs red be preferred over purple teaming?

#

The first when testing defender skills and the latter when testing automatic systems?

short elk
#

que

echo dust
#

I see purple more as a management level on RvB.

RvB engagement, get the reports, then purple to oversee the implementations and verification of outcome decisions.

smoky mortar
frail rapids
#

Ohhh okay. I guess the book I'm reading described it incorrectly

smoky mortar
rough valve
#

stealth is key in order to be undetectable

urban sonnet
rough valve
#

yes, this can be done through spoofing for example, the trick is the camouflage like a chameleon lol

regal jetty
twin ridge
#

Let alone devsecops

rough valve
#

lol

regal jetty
#

Positions where they don't even know what they want are ripe for self-determination ;o

twin ridge
#

So like tech lead

regal jetty
#

yeah what even is that lul

twin ridge
#

Apparently my current job

regal jetty
#

😛

#

I had TLs in support but it was just an escalations 'engineer'/SME/T2-3

twin ridge
#

I see your letters and do not know what they all mean :p

#

I just have 15 years experience in what not to do

regal jetty
#

lol

#

They're probably not even using SME right either, usually it just seems to mean whoever is willing to be the most authoritative/definitive about some specific area that nobody else wants to deal with

pine iron
frail rapids
#

Is cat text.txt | wc -m the same as wc -m < text.txt?

frail rapids
#

I assume that's a yes

rapid summit
#

just use bat, not cat 🙂

frail rapids
#

bat abuse isn't OK either

quaint basin
burnt night
echo dust
twin ridge
burnt night
#

-ban @radiant jacinth -ddays 1 Crypto coin pyramid scheme

hoary nymphBOT
#

🔨 Banned crypto rollercoin#0820 indefinitely

echo dust
burnt night
#

It was just a topical thing

echo dust
#

Ah I scrolled up, see the original query now.

rough valve
thorn halo
#

wow

frail rapids
#

What are you supposed to say when someone states an achievement of yours?

#

Like a compliment, but stated and not given as a compliment

#

You did x and y greatly

#

You wouldn't say thanks because that's like it's a compliment, and you wouldn't say yes because that sounds arrogant

#

Am asking because the mayor (not joe hille) came to my house the other day for a few things and said something along the lines of that, and I responded with

Yepp, thanks

#

and I don't know if I should be ashamed of that reaction aPES2_HmmmmSip

tawdry dove
#

Thank you is an adequate response

#

Even though they are stating your achievement, it's still a form of praise. So, "Thank you, I tried to accomplish x and y to the best of my abilities. Your kind words mean a lot."

#

Something like that

wet acorn
regal jetty
#

Not all compliments will be phrased subjectively though so

winter pendant
# burnt night

good job james! keep up the good work! someday they will see the error of their ways!

winter pendant
#

cat abuse must be stopped at any cost!

soft pier
burnt night
#

-warn @merry smelt Rule 8 includes obfuscated/crypted text. Keep it in English only.

hoary nymphBOT
#

⚠ Warned FlatPanda#2469

merry smelt
#

Oops, sorry about that, valid warn @burnt night. It was just a joke about the site vs. Cyberchef. https://cryptii.com/

Cryptii

Web app offering modular conversion, encoding and encryption online. Translations are done in the browser without any server interaction. This is an Open Source project, code licensed MIT.

dusty sleet
#

I gladly introduce
The Cat

wet pebble
#

The Cat...

dusty sleet
#

this is a magical water called zamzam

#

it makes wishes come true

soft pier
# dusty sleet

does this mean it can cure someone of cancer if they wish for it????

dusty sleet
#

I am gonna drink for all of us for prosperous hacks and much rooted boxes 🙏

dusty sleet
#

I already asked for a million dollars

#

prayge

soft pier
#

shadow wanted to ask if it could do another specific thingy but felt that might make this discussion not civil and relaxed so skipper it

dull dove
gray jetty
#

I've been looking for a way to update default firefox on my kali
obviously, apt-get update/upgrade doesn't work
Don't want to uninstall my only browser(preferably) and reinstall, so any easy ways would be appreciated!

dusty sleet
#

xD

soft pier
dusty sleet
#

I can take a sip for you if u want homie

#

I already drank a sip for all the homies at htb

soft pier
dusty sleet
#

😂

soft pier
gray jetty
gray jetty
hoary nymphBOT
#

Gave +1 Rep to @soft pier

regal jetty
gray jetty
regal jetty
#

oh weird ok

raw shard
#

Dear All,
I am new here. Hi to all.skidy

rough valve
#

so basically, I have a pretty solid fundamental knowledge

#

I suck in Windows I know lol

dusty sleet
rough valve
#

go to your dashboard

dusty sleet
rough valve
#

what?

dusty sleet
rough valve
#

daaaamn bro lol

dusty sleet
#

damn me linux 90

#

I can say I use linux btw

dusty sleet
#

well at some point I used arch btw as main so there is that

rough valve
#

what's special about Arch?

dusty sleet
#

makes u a chad

rough valve
#

that's it? lol

dusty sleet
#

yes, as for the technicalities just google it

rough valve
#

honestly, as long as it's Linux I'm good with it

summer verge
# dusty sleet I can say I use linux btw

I love Linux too, my first distro was the first version of Slackware BTW 😂 long time Debian user, now using Fedora, because of incompatibility hardware, and I don't like Ubuntu 😂

dusty sleet
#

I hate ubuntu

#

debian ftw

raw shard
#

What about kali bee

summer verge
#

You can say that Slackware was the arch of the 90s 😂

summer verge
solemn raven
#

True

radiant jacinth
dusty sleet
radiant jacinth
#

:prayge:

#

😦

regal jetty
summer verge
regal jetty
#

"where's the package manager"

#

😄

summer verge
# regal jetty "where's the package manager"

The distro booted and displayed the login. If you wanted some kind of GUI you needed to run XFree86 manually and you interchanged windows between gui and command prompt with alt f.. keys. Nothing strange since I was coming from DOS actually gui was strange back then 😂😛

summer verge
burnt night
dusty sleet
#

I wanna make a room on the basics of selenium halp where should I start ?

short elk
#

usually you'd make a room on a topic you know lots about

#

so if you don't know where to start then i suggest learning more about selenium before teaching it

dusty sleet
short elk
#

you didn't but

burnt night
#

You didn't say that, you said "where should I start ?"

short elk
dusty sleet
#

ty'z

gray trellis
#

just need a little more privesc

soft pier
graceful wren
radiant jacinth
#

some dumb questions about cookies to help my understanding and my safety! :P

  1. how does a server know when a session ID has been terminated with you, for example if you have a persistent cookie, and you leave wipe your cookies, and rejoin does it just give you a new one? making the old one useless or does the 1st cookie's session continue its time to live ((probs not the technical term but that's what i'm going with))
  2. if you have curl running and it automatically kills all cookies after making its request do persistent cookies still get added
  3. if a cookie is hijacked at what point does that cookie become useless, does it refresh every time the attacker resets it
  4. if a cookie is past its time to live is the session ID still dangerous
burnt night
#

You may notice a lot of those answers are the same

radiant jacinth
#

i have noticed that! :P

quaint basin
#

Ideally the app has a session expiry time built into it that's separate from browser session expiry. That's 15 minutes by default for PHP sessions, iirc.

burnt night
quaint basin
#

i.e. if your browser doesn't make any requests during that time period, the session gets struck off and you have to request a new one

radiant jacinth
#

thank you! :P i was really dumb and didn't understand what i was doing when i posted what i did :p so i don't intend to do it again xD

quaint basin
#

All good -- not a bad question at all 🙂

radiant jacinth
hoary nymphBOT
#

Gave +1 Rep to @burnt night

radiant jacinth
burnt night
#

They're not dumb questions at all.

radiant jacinth
#

cause i was like ooooo oh no xD

burnt night
#

Hey, it might not have been a session ID

radiant jacinth
#

tbh XD i'm still not sure what it is xD

#

but by the end of today i'ma figure that out! goals

gray trellis
graceful wren
gray trellis
hoary nymphBOT
#

Gave +1 Rep to @graceful wren

placid ravine
dusty sleet
radiant jacinth
novel path
nova sapphire
hoary nymphBOT
#

Gave +1 Rep to @gray jetty

gray jetty
still jolt
frail rapids
#

What's a good CTF to play with a beginner?

#

aka someone who barely knows how SSH works

heady creek
#

if you barely know how SSH works, I wouldn't recommend playing CTFs

#

you will just be stuck.
do walkthroughs and educational rooms first

frail rapids
#

I'm basically gonna guide him through it or whatever

#

he's got cybersec as a class

radiant jacinth
#

I have a ping in here but nothing :\

quaint basin
#

-undelete -a

hoary nymphBOT
#

Up to 10 last deleted messages (last hour or 12 hours for premium):

none...

radiant jacinth
#

Looking for my ghost ping? lol.

quaint basin
#

Aye

radiant jacinth
#

I dunno what's up with it, big fat orange 1 and nothing.

still jolt
#

I keep seeing unread dots for this channel, but there's never new messages.

austere skiff
#

yep. get this bug too from time to time

quaint basin
#

-undelete -a

hoary nymphBOT
#

Up to 10 last deleted messages (last hour or 12 hours for premium):

11 minutes ago (Tue Jan 11 22:19:56 2022) Unknown User#6885 (ID 589507330798780456):

1 hour ago (Tue Jan 11 21:17:35 2022) nostalgia#8788 (ID 904084855137136680): @MuirlandOracle how can i add an emote since i'm a booster?

timber lantern
quaint basin
#

Well that's why you're getting unread dots just now

radiant jacinth
#

Why did they take so long to show?

serene trench
#

a lot of messages (which would cause the dot) get input which either get deleted by the bot after or deleted by the user (which is only representable when we look through the logs)

#

obvs the bot deletes almost instantly so it looks like a message was sent but the response isn't represented to everyone other than mods

#

A user could send a bad message and discord sees it as being sent (hence the dot) but what happens to that message is /shrug in the eyes of discord

#

if it gets deleted then it gets deleted -- but the dot isn't removed because the channel was updated in the first place (by the person who sent a message)

radiant jacinth
#

Ah, I see.

#

I don't usually get the unread dots, that what confused me.

echo dust
#

Hmm, I've got a proof of concept that works on this box, but I just haven't put together the pieces to get the rest of the way.

gray jetty
placid ravine
gray jetty
#

nooo, not again NotLikeThis

dusty sleet
radiant jacinth
#

woah the Skills Matrix in the Dashboard looks interesting

winged rain
#

It's not accurate and it makes you feel like you're done learning a certain skill because you have 100 on one side of the matrix

echo dust
winged rain
#

But until it's relatively accurate (it'll never be 100% accurate) it has more cons than pros

radiant jacinth
#

but yeah I see what you mean

quaint basin
winged rain
quaint basin
winged rain
#

About the skill matrix

quaint basin
#

Ah, fair

tranquil silo
#

It is a beta though, maybe they will change it up

dusty sleet
frail rapids
#

No homo but REvil members are kinda hot cursed_flushed

signal loom
#

Hello guys does anyone know where I can find help with mobile devices ? More specific android system and even more specific super partition?

signal loom
# tawdry dove What are you trying to do?

Install a Rom. I managed to unlock boot loader and installed TWRP and I flashed a rom image but I flashed it to the SUPER partition by mistake. Phone is stuck in boot loop now and won't even go into fastboot mode. It does not get detected by the computer either unless I hold vol down and power but it detects it for just a few seconds and it disappears again

tawdry dove
signal loom
# tawdry dove Phone model and ROM you're trying to install?

Redmi 9(Lancelot) I am just trying to repair the file system for now… eventually I'd try to compile nethunter for it but at the moment I am trying with stock rom through SP flash tool which is not easy at all with all the xiaomi locks 🤦🏼‍♂️

tawdry dove
#

Doing a quick Google, there are several videos that seem to fix the problems you're having

#

Also looks like there is an XDA Developer post or two as well

signal loom
plucky raft
#

@candid island can I DM you at your convenience? Wanted to run something by you regarding a job.

candid island
plucky raft
hoary nymphBOT
#

Gave +1 Rep to @candid island

gray jetty
#

So, other than #subscriber, what other restricted public channels are there? (advanced general and help, exploit studies excluded)

burnt night
#

The others are discord staff channels etc

gray jetty
#

I wish there were more
They make me feel special like hidden levels in games

quaint basin
#

inb4 I make a CTF in the Discord server

serene trench
dusty sleet
#

I did already

quaint basin
#

Not in here you didn't kekw

#

Making a Discord CTF is easy enough. Making one in a partnered / verified server with 115,000 people in it is nuts 😆

viral flax
#

Hi

#

I didn't get points for solving OWASP Juice Shop, is that ok ?

burnt night
frail rapids
#

Will THM issue a transfer token for a domain like tryhackme.xyz (I don't own that one) for trademark infringement even when it redirects to tryhackme.com?

radiant jacinth
#

New chair kekw

odd acorn
dusty sleet
#

how old were you when you realized amazon has an Easter egg in their homepage

misty jackal
frail rapids
#

at the end of the source code magikDefective

serene trench
#

have you found the thm easter egg?

dusty sleet
#

no

#

👀

frail rapids
#

('identify',userId,{'displayName':username,'subscribed':'1','dateSignedUp':'Fri Dec 18 2020 08:02:02 GMT+0000 (Greenwich Mean Time)','experience':'intermediate'})) found this in the THM page source, where does experience get used?

dull dove
#

KoTH

#

other than that it's just for statistic purposes

#

at least afaik

junior compass
#

I have a question. Can devices on different subnet ping each other? For example on college wifi there are different routers or switches i shd say idk for different departments and there r even more branches. Can I ping from my device connected to one hostel router/switch out of many on diff floors to any other device on diff router/switch like in accounting department?

echo dust
junior compass
#

alright. Just to add on when I check on my device it shows it as Class A network and I have ip address starting from 10

tawdry dove
#

Why do you want to do this?

frail rapids
viral flax
hoary nymphBOT
#

Gave +1 Rep to @burnt night

viral flax
#

hi

#

but constantly youtube is opened

burnt night
#

@quaint basin you got another.

quaint basin
#

Bahahahahaha

#

God I am glad I let you talk me into that

viral flax
burnt night
viral flax
#

systemctl restart systemd-resolved.service also

burnt night
#

You're not reading the text in the room. I can say that for certain.

viral flax
#

"this site is not available in the uploaded VM" <--- you mean on it ? this mean that I'm able to pass this room only from browser attached machines ?

burnt night
quaint basin
#

Or, rather, it is part of the VM, but only insofar as it redirects you to a rickroll to see who was paying attention to the room text chceyes

viral flax
#

@burnt night thx for the help, indeed I should read more carefully, but I think this room is brokering some convention that I used to on THM

hoary nymphBOT
#

Gave +1 Rep to @burnt night

burnt night
#

If you hit the wrong target in a pentest, there's potentially criminal charges

viral flax
#

yep got it, you have right, one of the hardest room 😉

quaint basin
#

Did I not set it to easy? kekw

burnt night
#

It's very much not a difficult room. Reading comprehension is a skill you really need to learn and practice.

quaint basin
#

Tbf, with Jewel there, it should probably be medium

twin ridge
winged rain
#

Especially the part where I had to actually find my file

quaint basin
#

Jewel is my first and only NodeJS webserver. Enjoy it

radiant jacinth
#

Why you're only!?

gray jetty
#

js is shit

last moat
junior compass
frail rapids
scarlet moth
quaint basin
#

Flask 4 life

scarlet moth
#

oof

echo dust
dusty sleet
quaint basin
#

Fairly high. It's not exactly an uncommon framework

dusty sleet
#

What are the odds that I was playing w it when u wrote that

#

anyway some might say django > flask

#

👀

spark sun
#

It depends on use case.

frail rapids
#

IIRC Django is better for major sites with loads of features and Flask is better for the basic ones

dusty sleet
#

best is flash no cap

gray trellis
echo dust
#

NGL, doing the django room, and the related python room had me scratching my head some.
Like, is there no stored static HTML anywhere? All generated by python on the fly?

rapid summit
#

Look at how django uses template engine for generating the HTML.

spark sun
#

JINJA templates are very common across a variety of python projects

viral flax
burnt night
burnt night
radiant jacinth
#

How many views of the video is A: Legit views and listens and B: Rickrolls.

tall portal
#

Classic

radiant jacinth
#

Can't find /proc/sched_debug on some of my VMs and much information about it either. Does it depend on the version of the Kernel or the distro?

frail rapids
#

Are there docs that specify where what HTTP header gets used?

#

for example, when I search for X-Rewrite-Url I only get vulnerabilities instead of an actual explanation

burnt night
frail rapids
#

Alrighte, thanks!

#

zend-diactoros up to 1.8.4, zend-http up to 2.8.1, zend-feed up to 2.10.3 are affected by this security issue.

#

kek that's the same version a bug bounty program website uses

#

found that setting the header X-Rewrite-Url: dev just straight up showed dev info lmao

#

showed all httponly cookies in plaintext, so easy cookiejacking -> acc takeover

twin ridge
#

How tf did anyone think this was a good idea?

frail rapids
#

Well, /dev redirects to home

#

it's like a 403 bypass but with 301 so it's probably an admin only default debug page

#

tbh the entire site is cringe worthy. Found 3 reflected XSSs, 2 session cookie disclosures (one of which is the page above), no anti CSRF tokens etc

#

I've already reported an account takeover bug chain

#

got 2 more coming both with unique chains FrogeKek

frail rapids
#

funniest thing is that it's a fully online wholesale and one of the most popular ones in my country, was quite shocked at this sh*tty security

still maple
#

Anyone have any good resources for small python projects to get started with? For beginners preferably.

echo dust
still maple
#

Thank you! I'll check both of them out!

stiff copper
#

can somebody help me with finding the victim Machine im connected to the tryhackme via vpn

#

so i did not use the 1 hour available machine which is available online

echo dust
# stiff copper so i did not use the 1 hour available machine which is available online

Hey zahir, sorry I was not here when you were looking for help.
#room-help and #site-support are good locations when you're looking for a hand depending on the nature of the trouble.

When you expand a task, at the top right of the task there should be a button for any additional resources.
Whether it's a PCAP download, Wordlist, or a target machine that needs to be launched.

When you launch a target machine a banner will appear with the timer for the machine, ability to extend its life by 1hour, and the IP address will reveal itself 1 minute after you launch a target machine.

The 1 minute is to give it time to boot, and configure networking, though some machines need longer for their services to initiate.

twin ridge
waxen sage
#

Are there any rooms on Pegasus? I have been listening to Darknet diaries today.

twin ridge
#

Not to my knowledge

tawny egret
#

Anybody got tips on working while having vertigo?

scarlet moth
#

what triggers it?

tawny egret
#

Haven't figured it out yet. It's just like a hat I can't take off

scarlet moth
#

stairs triggers mine, I also had things that felt similar from low blood sugar / low blood pressure

#

also I'm assuming you've gone to a doctor because ear infections can also cause it

tawny egret
#

Haven't been to a doctor yet because of the throat part of ent. Low blood sugar is definitely one trigger.

frail rapids
#

I'm looking forward to college

#

I enrolled myself for compsci but idk how challenging it will be for me

#

I hope I'll have enough time to learn more maths, physics and hax0ring on the side

gray jetty
twin ridge
scarlet moth
#

its ok if cybersec isn't taught, Comp Sci is the foundation for everything CyberSec, you'll do great

livid whale
#

I would say learn a lot in your own time, when I was in university (cybersecurity major) still I learned most in my own time. So don't waste time.

spark sun
gray jetty
hoary nymphBOT
#

Gave +1 Rep to @spark sun

frail rapids
#

Would it be an advantage to write a C2 tool using python WITH C++ extensions?

#

I don't think that C2 servers are heavy to run resource wise, are they

radiant jacinth
#

Guys i am new and i wanna learn hacking what should i do

radiant jacinth
#

Ok thanks

jade quail
#

You're welcome. Have fun.

dusty sleet
#

having fun is underappreciated

half fractal
#

wdym by python with cpp though? 🤔

frail rapids
half fractal
#

yeah FFI and all that, also cpython bindings and whatnot

#

but i don't really see the usecase for using them

#

i do see the opposite though, writing a server/client in c/c++ and using python as a scripting engine inside it

frail rapids
#

well, it might be useful when processing lots of data

#

e.g. file exfiltration and stuff (depending on the code)

#

because python is hella slow it might take longer

half fractal
#

i guess now i see it, but the bottleneck will most likely be the web server then, not the processing code (my guess is that encryption would be the most "time consuming" part, and even that is handled by native libs under the hood)
to make the http server part more efficient you'd need to push the http server to the native side and handle stuff in it, delegating the more high level portions of the server to the python side instead

or at least that's how i see it

winged rain
#

Anyone here read the book "The stranger" by Albert Camus?

dusty sleet
signal hull
winged rain
signal hull
#

Very broad question given the nature of the book, but I thought it was a unique perspective, and while I don't necessarily agree with all parts of what Camus is talking about, I respect it.

winged rain
#

I'm so baffled by the ending

#

In some sorts it's a happy ending, in other ways it's not

signal hull
#

Honestly such a good ending

#

If it went any other way the book wouldn't be as good imo

winged rain
#

Like he didn't live his most authentic life he knows that but the discovery that the world (to him) is indifferent seems to compensate for that

signal hull
#

What do you mean by "most authentic life" exactly? Just asking for clarification.

winged rain
#

Well he believes that his mother lived the most authentic life, that's why he isn't sad why she died

#

It basically means that you don't need a reason for the things you do, you do them because you want to

#

You could've made one decision but instead you made the other and there is no difference to that

signal hull
#

I would say he did live his most authentic life, as nothing in the book really seems to suggest otherwise. He's pretty content in his worldly things.

#

Camus was very concerned with the idea of "the Absurd", that is, man's struggle to find meaning in an existence that lacks meaning. While that point is up for debate, I see the The Stranger to demonstrate and highlight that struggle.

flint vessel
echo dust
#

Can always run a search in #bookclub to see if it's been recommended since it's been 13 hours since the convo died.

echo dust
#

Just hoping it's helpful 😄

ancient anchor
#

Can someone Proficient in C explain this in simple terms Please?
I am driving myself insane.

#include <stdio.h>

int main(void){
    int a = 1;
    int b = 2;

    int array[] = {a, b};

    printf("\n%p", &a);
    printf("\n%p", array);

    return 0;
}

#

why two different results?

radiant jacinth
#

Homework?

ancient anchor
#

just trying to learn C on my own

#

I don't understand why the name of the array isn't the same as the memory address of the first element?

spark sun
#

Next step is to figure out how assignment operates.

ancient anchor
#

I am sure i am brainfarting

dusty sleet
#

brain <3

winged rain
fierce glacier
#

hii

dark pond
#

just noticed in mr robot season 2 when ||Joanna's bodyguard takes elliot to microcenter to get tools to track the unknown calls, he's playing watch dogs in the game center ||lol

ancient anchor
#

Figured it out OOF

serene trench
hoary nymphBOT
#

Gave +1 Rep to @spark sun

spark sun
#

😄

#

Pointer fun with binky is the most accessible explanation of pointers and references that I have seen

serene trench
#

I'd never seen it until now 😄

echo dust
# ancient anchor Can someone Proficient in C explain this in simple terms Please? I am driving my...

I'm not super proficient, but these are the type of exercises that AoE uses to teach disassembly.

Include standard input-output

declare main program function

declare integer variable a to be equal to one
declare integer variable b to be equal to two

create an integer array called array, including both variables.

print formatted text, "new line, read pointer" var/pointer to read is "a"
print formatted text, "new line, read pointer" var/pointer to read is  array

return successful end of function

The &a makes it follow it as a pointer back to the declaration.
Which I suspect will become apparent as to why in your next lesson steps.

I honestly don't remember what happens off-hand if you declare a pointer look up against an array.

twin ridge
#

Binky is best pointer video

spark sun
#

Agreed

winged rain
#

Wow, I wanna talk about the ending of Mr Robot

#

||as soon as Mr. robot showed up, I knew Elliot had DID and all the archetypes checked out, I just don't know why they made their own "mastermind" archetype at the end I feel like it kind of ruined the awesome representation they had shown so far||

radiant jacinth
#

hi guys, question about VMware on win10 and Linux installation:
I've never used VMware and don't know how it works but I managed to install it and burn Linux iso images on DVD too.

Now i'm stuck at a point where you have to specify disk capacity.
Found an instruction manual about this and it said 'The default should be enough'

I have 20GB as default here and the instruction manual shows a screenshot and his disk capacity is 8gb. Is it because the version? His version is different but he had also Ubuntu in the other screenshot.

Not sure if it's allowed to share the link (Instruction manual). To see what I mean with his screenshots and mine.
What to do here?

celest cairn
#

if it's Ubuntu, 30GB of disk space will be fine.

#

see there for the system requirements

#

that is really the only way to tell how much you should allocate

#

if you intend on using this OS very frequently, I would recommend doubling that otherwise you may need to reinstall and allocate more disk space

radiant jacinth
#

Thanks, I will check that out. I was confused because of the instruction manual, he showed 8gb in the same screenshot that I shared.

celest cairn
#

Linux especially can run on much lower resources, just because that is what's recommended doesn't mean you can't get away with a much smaller amount

radiant jacinth
celest cairn
#

Yep. That's the beauty of VMs!

radiant jacinth
#

Thanks, got it

#

Linux mint yaahhh happyPanda

gray jetty
frail rapids
#

I'm reading a book and it says "Configuring your phone-switching system to require an employee who receives an external call to punch in the even digits of the caller's phone number before the system can connect"

#

How does this mitigate phishing/vishing?

echo dust
#

Making the caller input something often deters them, but the employee? Strange.

final osprey
#

Hi, can someone help me with a weird thing? I had a website bookmarked from years ago "https://www.pyrobot.org/". When I clicked on it I got an error. For curiosity I searched it on google and found "https://pyrobot.org/" which works just fine. Can someone help me understand why the "www" gives me an error? Shouldn't it be a universal prefix?

odd acorn
#

www is the problem

#

There's a chance they misconfigured/ didn't set an alias

#

I did the same for my website, at first you could only access it with www. until I set an alias without www

#

Depends on what you use, for apache2, you have to set it in /etc/apache2/sites-available/00default.conf iirc

#

TL; DR, DNS

final osprey
#

Ok, thank you. I thought that www was something the browser would set automatically.

burnt night
tawdry dove
#

Yeah, for my websites I usually set an additional A record for www

echo dust
ancient anchor
frail rapids
#

Does anyone know any resources for buffer overflows?

#

as in, 0 to hero from stack based to heap based and rop chains etc

#

it's a pain in the ass to hustle different resources

ripe haven
#

It's awesome

twin ridge
#

didn't malwareunicorn have some online labs?

winged rain
#

Should I factory reset my computer for more space?

short elk
#

if you want

#

there is no way anyone else can answer that

winged rain
#

It seems like the best option for now

burnt night
winged rain
frail rapids
dusty sleet
#

what do u store on that

scarlet moth
#

honestly all my data is in the cloud, have 2tb cloud storage which I store data off and my hard drives have very little data on them

frail rapids
#

I don't want to get muted on this server for mentioning it

#

in addition to that, also VMs and games

#

I make tons of snapshots of VMs so they usually go high into the dozens of GBs

dusty sleet
#

so I saw this ad somewhere and followed it through, it's a website for hiring devs for remote work, I took their exam for bash skills, need someone to look at their exam and tell me how good u think it is

ebon bloom
#

Hi, I have been researching about Windows registry hives and forensics, but I cannot figure out how to dump credentials from unlocal SAM file. I used mimikatz, but I didn't find anywhere how to set up my unlocal SAM file. Do you have any recommendations, I would appreciate that.

echo dust
echo dust
#

Is "unlocal" a colloquialism for the target system's SAM file that I'm unfamiliar with?

dull dove
#

Not as far as I know, do you have a link to where it mentions that? @echo dust

echo dust
# dull dove Not as far as I know, do you have a link to where it mentions that? <@!162518164...

Used 3 comments above twice in @ebon bloom 's query.
If it was used once, I would write it off as an oddity/typo.

Using it twice, suggests there's a specific meaning intended that might be important to the answering accurately.

Of course, if it is just meaning to say the SAM file local to the target machine, then I'd have to ask what they mean by "set up", are they just having trouble formatting/prepping for ingest via Hashcat/JtR?

dull dove
#

Yea, they probably mean unlocal SAM file literally or maybe they're talking about how the SAM and SYSTEM are locked by the fs

ebon bloom
#

Sorry, I didn't exactly specify my problem. I have downloaded SAM file and I need to extract passwords from them. But when I use mimikatz it shows me hashes from my local drive so the problem is with settings of the source.

dull dove
#

You have both the SAM and the SYSTEM file downloaded using reg/vsshadow?/or any other method

#

You can just use impacket to dump them then

ebon bloom
#

OK, I'll try that

dull dove
ebon bloom
#

Yeah I have to look how to use Impacket so it takes some time 😄

still maple
#

@tawdry dove I feel like you'd enjoy this Matty Matheson video: https://www.youtube.com/watch?v=d4VegEHfPd8&ab_channel=Munchies

Rang and Matty pick up where they left off in Episode One but this time in Newfoundland. The dynamic duo's tour ends up with moose hunting.

Watch Season 1 of Dead Set on Life here: https://www.youtube.com/playlist?list=PLnPDn1Lb79JFQfaqYzn5ofwQUEfZc2frX

This episode originally aired on VICELAND in 2016

Subscribe to Munchies here: http://bit.l...

tawdry dove
#

The show with Steve Rinella is good too

#

Forgot the name off the top of my head

#

Don't really watch Matty all too often though

frail rapids
#

I just found an old notepad blog I haven't updated in more than half a year

#

I guess the studying really paid off.. went from thinking you can hack a website by editing a plaintext cookie to top 500 on thm in like less than 6 months

gray jetty
#

take it lightly its a joke^

hoary nymphBOT
#

Gave +1 Rep to @frail rapids

frail rapids
#

Just reading about and practicing CTFs really. tbh I feel like anyone can do cybersec, but just need the dedication to practice. In addition to that, I've learned programming in a lot of languages over the past two years which really helped with knowing what I was doing. I believe that you can only hack something if you have an in-depth understanding of how something works

#

I've done a lot of THM rooms which really helped and in addition to that I read Medium posts and watch Ippsec on Youtube

hoary nymphBOT
#

Gave +1 Rep to @frail rapids

mortal venture
#

hey im looking to learn about windows down to a kernel level but i have zero idea where to start. Anyone have any sources or websites, youtubers etc???

scarlet moth
#

nothing is going to be more definitive than that

mortal venture
#

bleh books ugh

mortal venture
hoary nymphBOT
#

Gave +1 Rep to @scarlet moth

frail rapids
#

What is meant with heuristics?

While heuristics or threat hunting can detect abnormal router behaviour, ...

spark sun
#

Reduction of a problem to something more easily quantifiable or qualifiable

frail rapids
#

Would it in theory be possible to make a ML model that generates WAF bypasses?

#

I guess there would be several struggles like 1) finding datasets and 2) confirming if the WAF bypass works or not

#

I guess it should require a check of valid HTML and JS syntax first as well

#

Perhaps a GAN could do the trick? But like I said, it needs to be capable of detecting valid syntax at all

serene trench
#

Especially deciding what doesn't work/should be used before the WAF blocks you entirely

frail rapids
#

Yeaahh exactly

#

I mean, if the model works well enough and has valid syntax, it should probably work

#

basically comes down to HTML tags + random jumble + JS event + JS

#

You can barely do static analysis of the syntax because it can be unpredictable

serene trench
#

Vendor specific, etc (:

frail rapids
#

so you'd probably need to run it through an engine

serene trench
#

Cool idea, I know a coursemate is looking to do something similar for his masters thesis but uh -- I have no idea how that is going

#

Also yeah I could see a GAN working but i'm not super knowledgeable on NN

#

Just a case of if you can get the right dataset as you said! 😄

burnt night
#

With something like modsecurity that's a lot more practical

frail rapids
#

Hm. yeah.

#

If it doesn't have a rate limit when it's self hosted you could in theory brute force it and put the results in a dataset and train off that with GAN, or just implement the source code rules as rules for a generator and insert those into a dataset as guaranteed bypasses

#

I think I'm going to make a proof of concept with regex and see how it works out

mortal venture
woven patrol
mortal venture
#

Oohh okay I'll look into that 🙂

mortal venture
hoary nymphBOT
#

Gave +1 Rep to @woven patrol

stiff copper
#

I'm using msfconsole on my kali linux to exploit a windows xp. Both are in the same network Nat network inside virtual box. the exploit is called "exploit/windows/smb/ms08_067_netapi" the payload is "payload/windows/meterpreter/reverse_tcp" Windows xp is not yet activated and looks as follows. the problem is though after I run the exploit everything is just fine there is no error the remote port is accessible and open, but somehow I don't get any meterpreter session on my kali. Could somebody help me with it? Do I have to change the service pack 3 of windows xp to sp2 or sp1 to get the desired result?

thanks

frail rapids
# mortal venture Strictly out of curiosity. I simply want to know what that means bc I don't even...

Artificial Intelligence where neural nets play against each other and improve enough to generate something new. Rob Miles explains GANs

One of the papers Rob referenced: http://bit.ly/C_GANs

More from Rob Miles: http://bit.ly/Rob_Miles_YouTube

https://www.facebook.com/computerphile
https://twitter.com/computer_phile

This video was filmed...

mortal venture
hoary nymphBOT
#

Gave +1 Rep to @frail rapids

viral flax
#

Hi

#

I have problem with bypassing windows 10 firewall during nmap scans, is it at all possible ?

modern kestrel
#

I guess it depends on the type of scan you are doing

mortal venture
#

Also running nmap as root is helpful too. It's a norm for a lot of people. Running as root defaults to silent scan I believe?? It uses ARP pings 🙂

short elk
#

only if you're on the same network

#

which is obvious if you know how arp works but i've seen lots of questions asking why that doesn't work before lol

burnt night
mortal venture
hoary nymphBOT
#

Gave +1 Rep to @burnt night

hoary vale
#

Anyone have any high-spec laptop recommendations? Hitting the storage limit on my macbook and I can't replace the storage, trying to decide between M1 Pro/Max and something else. (Used some dell points I had from work to order a spec'd out laptop a month or so back but it showed up broke kek)

lean pendant
#

I am in vip vpn, yet I do not have a connection today except when I disable the vpn is normal?

echo dust
#

Sounds like something is messing up your routes on system.
Assuming you're on Linux
run: ip -br -c a

How many Tun adapters?

burnt night
lean pendant
hoary nymphBOT
#

Gave +1 Rep to @burnt night

coral shuttle
#

You guys got any recommended password managers that are free and multiplatform?

radiant jacinth
#

bitwarden

twin ridge
#

Keepass as well

coral shuttle
#

I want to be able to use it on my PC, laptop, and phone ideally

twin ridge
#

don't think keepass can sync though

spark sun
#

It does if you keep it on a cloud storage 🙂

radiant jacinth
#

I just signed up for Tmobile's 5G Home Internet. The big sell was no data caps. Means more games anidab

twin ridge
#

also more latency

spark sun
# twin ridge true

on-device mirror to the storage 🙂 I am just careful to keep the hardware keyfile off cloudsync

twin ridge
#

don't think keepassXC has a mobile version though

spark sun
#

I use Keepass2Android

mortal venture
#

I use LastPass. Pretty solid although it's $3 a month to use on multiple devices

pure mantle
#

i use nordpass. pretty good but you have to pay to be signed in on multiple devices. fine for me because i only use on desktop

modern kestrel
#

Guys, does anybody know any tool or something that tells you more info about someone based on their name or social media?

winged rain
#

If they are over 18 you most likely can get most of your info from those sites unless they've went and made sure that those kind of information is taken out

slate pebble
#

hi, just wanted to ask where to ask cryptography related question? (xor decryption)

modern kestrel
#

and based on cellphone number?

spark sun
modern kestrel
spark sun
modern kestrel
slate pebble
spark sun
#

If you have a question, just ask. Asking to ask is one of the most irritating things about how company DM solutions are used.

#

That extends to discord

modern kestrel
slate pebble
#

sometimes i ask but people tell me it is wrong channel so i dont want to make a mess

#

since i am new i prefer to ask

spark sun
#

quiet conversation is almost always the wrong place to ask - it's a slower chat by design. for technical stuff like xor maths in encryption algorithms, #infosec-general is probably going to be your fastest response

slate pebble
#

thanks

slate pebble
#

what do you prefer between parrot security and kali?

modern kestrel
#

personally Kali has given me less issues, but it doesn't hurt to try both

lucid topaz
#

how to hack?

winged rain
#

You type on the keyboard and eventually you get to say "I'm in"

lucid topaz
#

What document defines how a penetration testing engagement should be carried out??

burnt night
frail rapids
#

Where can I find binaries with a BOF for practising?

rugged frigate
#

there is a buffer overflow room to try it

woven patrol
twin ridge
frail rapids
dusty sleet
twin ridge
dusty sleet
# twin ridge *bonk*

π–šπ–•π–π–”π–‘π–‰π–˜ π–•π–”π–˜π–Žπ–™π–Žπ–”π–“ 𝖆𝖓𝖉 π–˜π–™π–†π–—π–Šπ–˜ 𝖆𝖙 π–™π–π–Š π–†π–™π–™π–†π–ˆπ–π–Šπ–—

slow nacelle
#

Hello everyone
I have a question, does anyone know what easter egg files means in website for example? How do we decide a file is an easter egg file?

frail rapids
#

You should check for strange text

#

and it probably won't contain a lot of js or html but you never know

frail rapids
#

These actors' innovations include ...; embedding malware in BIOS storage; ...

#

what is meant with BIOS storage? I don't assume it's the non-volatile chip on the mobo, right?

tawdry dove
modern kestrel
#

Pray for me, I enrolled a course in uni which I thought was a computer architecture course but it's a UI/UX course

radiant jacinth
#

But can you unenroll before you get charged?

modern kestrel
modern kestrel
radiant jacinth
#

And can you use that as part of completing your major or it doesn't count?

modern kestrel
#

No, I wish

#

this course is required

twilit geyser
#

Hey guys, I scored my first interview ever for a sec analyst position this monday, I would love any tips you all may have...😀

twilit geyser
#

@bronze creek Thank you

hoary nymphBOT
#

Gave +1 Rep to @bronze creek

dusty sleet
#

🀲

burnt night
frail rapids
burnt night
#

You're paying for the 3080

twin ridge
#

You'll get no battery life out of that thing though

#

Will probably get thermal gated fast as well

twilit geyser
#

@burnt night Thank you!

hoary nymphBOT
#

Gave +1 Rep to @burnt night

pure mantle
radiant jacinth
#

Unless you need a laptop, you know, for mobile mobile reasons.

scarlet moth
#

I have a Dell G15 and the battery life is pretty amazing

#

I personally don't like desktops so all I buy are laptops

frail rapids
#

Need to run VMs but I might just setup proxmox on my home pc/server

#

Throw 64gb ram into it and it's g2g

radiant jacinth