@tawny coral can u cross check in DMS if u would like to?

ok

auto logged in to your account?

that's normal

point is as what user u logged in as

admin?

i thinking that he is assuming something as breach which is actually a feature?

cuz the thing's ain't adding up

you'll have to add me

me?

for DM

Is this still about me or not?

yes man

Oh alright allow me to try to uhh

Start all over

💀

Sometimes it's better to do that

It's a web interface of what I'm assuming is a server, the only thing on the screen is folders and data, it's not possible to edit any of it but it is possible to read and copy it

It's a sorta file system or smthn

I found a link to it in a file on my laptop and after looking where it went it wanted me to login with a username and password which I obviously didn't know

After removing something with login from the link I was in the web interface all of a sudden

Sounds like a student portal maybe?

I think it's linked to the ICT person his site

He has like a site where he shows what he offers as a business or smthn

we have a solution

What should I do?

we can do a voice session and you can share your screen

I cant

rip

I used wsl discord and VC is super broken

https://tenor.com/view/wut-gif-10353676990730864957

No need to do it anon, just let them know.

If you want I can do it tmrw maybe I can get it fixed by then

Give me roughly 21 hours

I also want to sleep and have to go to school

Can someone help me

What do you need help with?

With my gmail

Before asking make sure you are familiar with #📜・rules

Ohk

We don't condone any illegal activies here and asking something illegal or unethical might get you banned.

I am not asking to hack it

ok then, shoot

I forgot my password so I try to login with forgot password and it send otp to no to but then it send some code to same gmail

So what can I do ?

I believe gmail requires a phone number, you should be able to select your phone for the 2FA or Youtube app if I'm not mistaken

I try it send code but then it also send code to same account

So?

Jus enter otp

You are asking me?

I forgot password

what

I mean you received oto via mobile sms

Yes

After putting that code it's also send code too Gmail to

Shouldn't be

Yaah I don't know why

Make sure you hit right buttons

I did

1️⃣ Go to Google Account Recovery.
2️⃣ Enter your email and click Next.
3️⃣ Choose a recovery method:

Enter your last known password.
Get a code via recovery email.
Get a code via phone (SMS/Call).
4️⃣ Follow the on-screen instructions to reset your password.
5️⃣ If no options work, click "Try another way" and follow Google's verification process.
6️⃣ If locked out, wait a few hours and try again.
7️⃣ As a last resort, contact Google Support.

see

it's sending on recovery email ig

I try it

Email don't have recovery email

Rip

OTP (One-Time Password) for password reset cannot be sent to the same email that you are trying to recover.

yea

^^^^

sekect sent otp via sms

It's sending I don't know why

Brian ain't braining rn

Yaah I don't know why

Google support is your best friend right now

How to contact them

support.google.com

Ok then what should I type or talk

chat gpt can be useful in this times

Promot?

Just follow the instructions and as @chilly merlin mentioned chatGPT is great too, it will however direct you to Google support

What should I do?

We just told you

I believe Comptia asks Performance Based Questions rather then performing XSS.

anyone that knows how to perform a stored XSS attack when the parameters are filtered? so like i cant use <>§: etc

i cant find any resources on it either

Ohk

if i want to get into cybersec but im not very proficient in any languages, should i learn and be proficient in some languages b4 starting tryhackme or is it fine

What exposure to IT infrastructure / technology do you have in general? Getting a baseline of your skills

pretty much none thats why im asking-- just seeing what i should do if i eventually want to go into cybersecurity

If you want honesty, Go for A+ or some more generalised certs and knowledge before making that choice. Cybersec is a buzzword right now but it's not as glamourous as many put it out to be. High turnover and burnout rates are common. Get a foundation in user OS systems like windows and servers. Lots of free tools and places to begin there. See #👥・new-member-guide as well.

Get your feet wet in IT first and see if you want to go to Security as a specialization. Many start as a Blue teamer "defensive security" Before going into hacking or will do hacking as a hobby and then turn it into a career. Take it slow, you're going to suck at it, you're going to make mistakes but learn and be patient and you will get it down!

Alright, I appreciate that info. Do you know which certs I should go for at the beginning?

That are 'more generalised'

Some words of advice as well, don't rush anything and never be afraid to make mistakes. Obviously don't be careless but remember, a mistake is experience for your current job. Big mistakes are experience for the next job 😉

Comptia A+ is a good starting point

Appreciate that

Alright, I'll check it out. Thanks :)

Is it free or paid

No worries, What is your current career if you don't mind me asking

I'm in high school 😅

Paid cert but is industry recognized in technology

I see

How much previous programming knowledge would I need to do this cert?

You have plenty of time and things you learn now will be out of date by the time you graduate. It's a field that you need to have a passion to keep learning and find information yourself. A neat thing to learn is Google Dorking (yea the name is stupid)

https://www.imperva.com/learn/application-security/google-dorking-hacking/
This is a tool you can use in every day life, google is a machine like any other. Learn to manipulate it and it'll do what you want. (within reason)

I see, do you think it would be better if I focused purely on just learning general programming like the basics and a language or two before I start doing certs and deciding what to do?

Depends on your path, If you want to go into programming you have some good paths to branch off to. Dev work and others. Python is a good starting point for learning code, very kind with syntax and functionality.
https://www.learnpython.org/

Right now, I have a basic understanding in python and java, and I'm currently learning Java in school. Do you think I could skip over python for now and just learn Java, or would it be much better if I became highly proficient in Python before moving?

IF you want my honest opinion, the devs in the discord will have more weight than me. Python is used in nearly everything (java has tons of applications and usage) and is easier to pick up as a foundation to start "Thinking" like a software engineer. So it's really up to you, I sucked super badly at programming but my first language was java and my professor in college was fired so it sent me down the ITSM path instead.

I see. Do you think learnpython is the best resource to learn python right now? Also, have you ever used leetcode and how was the experience for that or should I ask that to someone else who has dev experience ?

Unfortunately that's a loaded question. There's no "best" because everyone is different and one site's way of doing it may not work for person B when it does for A. I would say youtube videos, and any resources you can find that work for you along with doing tiny projects when you learn something new to "create" your own use of whatever new concept you have learned. Learnpython is free which makes it good for a starting point. There are lots of other free and paid resources but make sure to do research on the platform before you pay for anything because you may get the same education or even better courses somewhere else for free.

I see, I think thats all for now. I really appreciate your time and help :).

No worries, Good luck!

is this vulnerable to xss? is there any way to bypass this $result = preg_replace('/[^A-Za-z0-9,.-!]/', '', $inputstring);

Yes, throw that into chatGPT and it will all be explained

I want to learn ethical red team hacking

#👥・new-member-guide

@chilly eagle thank you so much

I appreciate you live long fellow

I’m working on a portfolio., and I got stocked at some point, can anyone help out ?

Tell us more, what are you stuck on ?

My registration and login don’t seem to be submitting and proceeding to the menu

My registration and login don’t seem to be submitting and proceeding to the menu

Auth on a portfolio ? 🤔
Anyway, do you see anything on the request tab of the browser ?

Yes I saw some error but I’ve been finding it hard to fix

I wish I could send picture on here for you to see what I’m talking about

Yes, you ask the owner of the PDF for the passcode

#📜・rules #1286135820008296509

then go somewhere else 🤷‍♂️

or get money

Kek, in this server we don’t provide guidance on unethical actions

^

Then look for them

Accessing something locked even if it has leaked stuff

Is unethical

You're trying to grt unauthorized access to it

Get*

Why do u have a login on ur portfolio website

💀

Dm a pic to me

https://imgur.com

That's also a thing

How are you kvts

Sorry dude, i am a white hat

I cannot support any of these actions

neither does this server

sorry man

Always awesome 😇

Bros trying to make me join a telegram channel

Wild ain't it

Good to hear

how do you test if some one would be spying on your network... it's really tedious if you are going to one by one go to your cmd and common startup...or is there a tool that can check it ?

At home or in a company?

Also there isn't really something you can test. You can monitor if you have any suspicious outbound connection to a DNS or IP-Address that has been flagged.

Home

Well you'd have to know what you're looking for, for example there's a discord server that's a CNC for a rat, you type commands and you can see a live version of their computer on a screenshare, hear their mic, run scripts in the background, but if you look at the virus it's connecting to a vps or getting instructions from a page / online file.

Is this question out of interest, or do you suspect someone is spying on you

out of interest only ... though there might be pranksters out there since I gave my personal email address to somebody I just met and got that individual sent me a cracked application...

As long you don't execute suspicious applications that someone send you, you are most of the time safe.

i executed it since it was a free version of capcut 😭

Well now you have a 50/50 chance you have malware

i have windows 11 and it autodeleted malwares in my PC

Windows defender, but don't rely on it, get good at using common sense (respectfully) and look out for viruses, check out virus total aswell

now I'm not sure if it's still there... though giving my personal email address to access his GDrive might have exposed my IP address since it can be easily seen if you look into Gmail's settings

There's malware my friend makes called ketamine, it bypasses every single antivirus on virus total

So also be careful who you trust

IP address is only really a danger if you port forward or get ddosed

Or if you don't want your city to be found out

I also recently Ended 3 Powershell activities

You might have a virus

You didn't start those?

No

Interesting, I'm down to look through your system later if you want (it's 2 am so nrn)

I have instances that my PC is running while my Android has no wifi connection

Like your Android isn't connecting to the Wi-Fi but your PC is?

Yes

And you're sure your Android isn't just having a problem?

can we go to the dms little bit?

I encountering problem but its hard for me to explain

For sure, dm me

That I will check since WiFi is down and there is a storm and signal could be the issue

Your pc might be still running but if there's no Internet there isn't a way that it's connected

I will do another test

also what could be happening is your pc and phone are on different wifi bands

And one band isn't responding

or is disabled

So if an attacker knows your IP address the attacker can possibly pretty much disable the WiFi? do something on the bands?

They could ddos you yes

not just turn it off

it would not allow you to reach the internet

But it would affect all devices on the internet

and also most people aren't able to do that

you'd have to get lucky to get ddosed honestly

hi guys my friends steam account got hacked recently and his entire inventory was stolen alongside it, luckily he was able to get his account back and change the password but steam do not help get items back. Would anybody be able to help us to recover these items?

unfortunately no #1286135820008296509

he gotta contact steam support for it

anyone that knows command injectionw ell?

well*

or anyone that can try to help me with it

hello there contact steam support and if they can't do anything ig we can't either and we cant help u with those kind of activities. Not saying we can actually get ur items from steam and if u get any Dms from people trying to offer help they mostly will scam u for money so i suggest u do not engage with them (this is entirely up to u) and I'd like to ask u make a ticket and report them to us so that we can take care

command injection?

yes, like making the website ouput "ls" or something

yea

what about ut

it

its supposed to be working in the parameters im tryting, but nothing happens, ive looked at the sourcecode aswell but nothing

try to chain commands with &

i tried, i also tried with burp to encdode it

ping ip && whoami

it may have some black lists filtering

its not supposed to have it, because it like a vm for learning pentesting

do you know php code?

Is that a rule?

yes

Not an expert

But an expert chatgpt user

💀

lmao

that's a skill

💀

well, i cant get chatgpt to help me either

Good luck

thanks

chat jippity

Guys, I want suggestions for graduation projects in the field of networks, and that do not need more than three months to complete.

Copilot maybe

hmm, maybe, is it free

I have used it before without an account in browser if I remember correctly

aah thanks!

did you figure it out?

Why are you using big fonts? We can see your message

U don't have to fill up half the screen

My eyes are bleeding...

you see my message but you didn't help 😦

Make a Mac spoofer

Ip updater

Automatically check whether the router is configured to use static or dhcp

Then change the user's ip

Aswell as their Mac address

Good suggestions

I need a help in understanding one concept...

ok

can anyone help me with this penetration testing report I am making...

will you ? Purple Moose? 🙂

Depends on what exaclty you need

I am making one penetration test report... as a part of interview...

I just want to know what this kind of vulnerability is... and

like what they called and severity ....

Your best friend would be chatGPT. It can explain everything to you

Check out cve database

it require some human feedback also.. like it is like series...

little difficult to explain like this.. 😅

Yes, the information you are providing is very vague

yeah..

can I dm you?

Here is a good place, someone else might be able to help too.

ohk.. I will explain... here...

thanks

First of all it have weak password policy.. even I can login with 1 character long password...
then I found Authentication bypass...
I can bypass it with the method of changing HTTP Methods from GET to POST in Burp Suite and then show in browser... the GET method I have to capture is /api/login.php and I changed GET Method to POST... and I get successful login.
The next vulnerability which I was thinking to do is HTML Injection and XSS both stored and reflected then the IDOR...
But before I do that, I just thought to capture the request of /api/createticket.php and it is GET Method.. and I changed it to POST as earlier...
It create tickets successfully in POST Method.. and it created tickets to currently login account. Like I created a fake account on it and I just done this 2 times and I got tickets in my profile. If I right click on response and click on show in browser it will show session expired but the tickets are there in my created profile. I login in it and I can see 2 tickets.
So, what is this vulnerability called? What is severity? and is this even a vulnerability?? or is it a feature?? lol...
So, this is the case... what should I do? what is this vulnerability called? and how to exploit it more? What are recommendations...

Authentication Bypass (GET to POST on /api/login.php) Critical (9.8/10)
IDOR on Ticket Creation (/api/createticket.php) High (8.0/10)
Weak Password Policy (1-character passwords allowed) High (7.5/10)
Potential Stored XSS/HTML Injection Medium-High (6.5-8.0/10)

Insecure Direct Object Reference (IDOR)

when I change method from GET to POST
it show me success...

I can't post screenshot.. 😅

Question when you are changing http method from GET to POST are you supplying parameters + values in the request body (username=xxxxxx&pass=xxxxx)? If so are the values to an active account, this could just be the normal flow....

Same for the create ticket .. since the GET would be retrieving a ticket and POST would be creating a ticket

no.. I am not supplying any parameters... I am just changing method from GET to POST...

Now if you were to create a ticket then inspect the GET request to retrieve said ticket and notice a user id in a parameter, you could try changing that id to another users id... If you are allowed to view or edit THEIR ticket, then this would be considered an IDOR

I understood... I will try...

if I am not able to do it.. I will let you know...

for your guidance.. 🙂

Weak password policy might be an informative finding (meaning extremely low) if this is a bug bounty program...

I would suggest to create 2 accounts you own (control) to test this. That way if it is vuln you are not tampering with a real users info.

it is part of interview process... they made dedicated website for us as their part of interview....

it is not actual website... it is dummy website

Ahhh ok makes sense

i can create 2 accounts.. this way it will make things fast...

thank you for this tip..

Then yes I'd report the weak password policy and potential bypasses... Can also look for any rate limiting or account lockouts (brute force a login page) ... Or create a ticket and look for a potential sql injection... Id have to see the app to offer more suggestions though

can I give you the target?

😅

Im not around my computer rn, maybe in a few hours

thanks...

No problem

Hey can anyone explain how you more experienced guys and gals get info on people who send those scam text?

#1286135820008296509

It depends on from what platform they send it

But as dissonance said, it can be used unethically, and we don't teach things that could be used for illegal/unethical purposes here

There's various osint techniques but more than likely it may be a spoofed or throwaway number, email etc ... Which would then require static and or dynamic analysis of said link...

I send you FR... 🙂

Sorry I didn’t think it was unethical. They are constantly sending these pay toll and ups text to my family members so I was hoping to report them to help my fam

try and build/look for a tool that automatically blocks said text, you can use word patterns to do so

Oh if yk country of origin you can report them to their ISP

Countries have ways of marking your number as do not call / do not contact. Fixed my issue after filing with donotcall.gov states side

That’s what I’m asking for. Just point me in the direction of how to build that type of tool. I’m completely new and my course that I’m taking is all theory right now so I don’t know how to use any tools yet

Does that work with scammers tho? Or only legitimate businesses?

i've just researched abit, turns out that from android 4.4 and up only the sms app itself is allowed to intercept messages, so you'll need a rooted device (not recommended either)

What you can do is inform your family that these are just spam phishing text and not enter in any credentials or even click the link.. They will usually ramp up near holidays etc. You can also run any sus link through urlscan.io or virustotal to check if they are indeed malicious...

best you can also do is block the number/report spam, also enable the spam protection you have for your sms app to block those kind of messages

i wonder why android or ios never thought of blocking sms messages via wordlist

Yes I did that as soon as i found out about the trend. That’s why they all keep letting me know they got one and asking what I can do about it lol

The key would be to teach your family how to spot these... Because numbers, texts, emails will constantly change, but if they (family members) can recognize the signs then this will be more helpful than blocking 1 number and or reporting 1 scam

Can work with both, they operate off the same lists a lot of the time. If it gets really bad there are apps through your Telco provider that can help. T-Mobile has scam shield.

Thanks for the feedback and recommendations much appreciated

Which channel would I post in if I wanted someones help with alternative ways to crack the wifi in my home?

Nice try 👍

hi guys, sup? does anyone know how to see the email that's using any ig account?

I believe that if a user wants you to see their email, they’ll have it on their profile.

In other words check #📜・rules and #1286135820008296509

Try?

Cracking WiFi passwords is illegal, not if it’s our own WiFi tho, but we cannot verify that.

Sadly you’ll not find someone here to help you do that on the server because it’s against the rules of OwlSec.

Yeah that was explained to me.

I got called a skid lol

Here?

Which i mean all I have are the pre-made tools available till I learn how to be a coder

In general chat lol

Well whoever called you a skid is someone who’s probably immature.

They aren't wrong. I don't know how to do anything yet lol

I would recommend you having a deeper look on some topics.

Learn and practice.

That being said, we were all “skidders” when we started. But i don’t think so it’s the right term to use.

Take a look at #👥・new-member-guide

I tried serval things but I csnt get linex to work on my windows laptop it interferes with start up for some reason. Also my chip doesn't support monitoring for packet injection. I don't want to invest in hardware yet so a raspberry pi 4 is not something I want to get. And I tried to use my phone for kali but it is network locked and not paid off yet.

You don't need monitor mode for packet injection

Atleast not all

There are other ways to disrupt traffic, other than deauthenticating the user

It’s not always about packet injecting. Get to know the basics first.

The overview about Ethical Hacking.

You can use a Virtual Machine to run Linux for now, you don’t have to use it on bare metal.

Take slow and easy steps, there’s plenty to learn. Goodluck 💪

IF your system meets specs, you can use this for virtualizing your *nix installs on your pc without needing to dual boot
https://www.virtualbox.org/

So this might sound dumb but I've been asking my questions to chat-gpt. And it said I needed monitoring to use wifite appropriately. It also said the vsp or vm wouldn't allow me to use monitoring mode even if I had a live usb.

This could help.
https://forums.virtualbox.org/viewtopic.php?f=35&t=82639
You should be able to do it, you just need to link the USB device to the VM correctly. I have not done it with wifite so i'm not fully sure if it is a hard "you can't do it" situation.

Yeah I don't have a live usb. And didn't want to buy anything. That's why I came here to see if I could find an alternative to wifite that would work. I've been stuck on the linex part for almost a week having to reboot in safe modd a bunch

I would say gut the linux distro from your live machine and see if there is a cheap laptop you can toss it on. Goodwill special will still work as long as it's got a wifi chip and over 2g of ram

Alternative to wifite to do what

deauth?

I just want to find the password to my network. Without interacting with the router via ethernet cable or reseting or using the admin menu thing

Without spending money and as a beginner

Your expectations are way too high.

If only it was that easy 🤣

Actually I take that back.... I'm glad it's not

Funny thing, I was looking through some gothub issues of an open-source network manipulation tool

Just had some bug I needed to fix

And the developer, in one of the issue threads, admitted that they purposely have made the project complicated

To not be misused by random people who aren't willing to learn, and to scare off people that are quitters

They've purposely forced every user of that tool to specify information thry don't really need to, to change configuration files and so on

Hey, so I'm planning on doing a splunk certification but do I need to follow an order when it comes to doing splunk certifications? I'm specifically looking into splunk enterprise certified admin certificate

Make the bar of entry high so you only get the best. Makes sense, till someone makes a YouTube video lol

Every youtube tut on it takes 20 mins minimum still

Hey 20 ain't bad, could be 2 hours

Hey guys I need help with fern nothing show up in the drop down bar

is TryHackMe's premium membership worth it for beginners or would I be better off to just stick to the free rooms?

Wow, what a username

Wym

What's up @radiant stone - I wasn't speaking to you

Was agreeing about the username lol

Oh ok 😆

Sorry

Anything you pay for is only worth it if you sink the time into it to make it cost effective. Cost per hour is a good way of looking at it. X price / how many hours you actively use it per billing cycle is your real cost.

The Iron Bitc.. Lady should remain buried 😅

No worries, I'm the last to throw shade lol

Damn, that only took four edits..

🤣

I can't stand it when that happens 😭

Like I know I can type

And then all of a sudden I can't

How do i create a phising link?

#📜・rules

we don't do that here

Oh sorry bout that

I am new

Take the time and read over the #📜・rules . We are an ethical server

Is it illegal if its in a game?

Like for accounts that got hacked

One of mine did

So i am thinking of revers phinsing it

If not then nk worries

That would be unethical, no we cannot help with that

Ok

We have no way to know your actual intentions

So we don't teach things that can be used illegally or unethically

Kk

Got it

Yea sorry man, if you do end up wanting to know how they work there are resources online for defense and analysis of phishing. Good knowledge for everyone to have and how to counter them. 🙂

Yeah

I would love to know

So i wont get phisihed again

Also uhm anyone familiar with suse? Saw some Linux system administration certifications from them, is it worth it?

@lavish smelt also check out #1286135820008296509

Enterprise company for phishing remediation and training. Their blogs and learning are free and used for training staff in being on the lookout for sketch emails. Also they tell you what new big scams are going around.
https://blog.knowbe4.com/
Some more resources from Zscaler
https://www.zscaler.com/resources/security-terms-glossary/what-is-phishing

Does anybody know to get a passcode on iPhone Lock Screen

Yeah.. ask the person for it, remember it, or give the phone back to the owner.

Without the owner permission

#1286135820008296509

In that case, jog on @uncut turtle.

Stealing is wrong.

Ik thanks

Some tried to hack my account what do I do

Change passwords and ensure recovery options are up to date. Enable MFA when and where possible. Avoid using SMS as a MFA option when possible. If it continues report it to support the may be able to assist

I personally have a break glass account not used for any account creation so low chance of it being exposed. Only used for recovery and needs a yubikey to access.

No like I mean my google account because the password does not work

Use your recovery methods

It didn’t work they got everything they change phone number and everything

You'll have to reach out to Google support I'm afraid

They are one of the more helpful support teams out there thankfully.

Good luck!

If you have any purchase history you can refer to, have it to hand

Additionally details on the account, your usual IP address you access the account from, anything like that.

Hey, wondering if anyone knows of any good linux distros that can run in a VM for starters, I want to mess around with some basic malware like a keylogger, any suggestions?

Also, I've got an old laptop with windows 10 on it, I want to turn it into a linux distro but don't know what a good one would be, I've got some experience in fedora and arch but I've heard dual boot systems are prone to errors. What distro should I use and should I try a dual boot?

kali

What packages would you suggest?

it comes with many tools and gud for beginers

elaborate

u used arch before ??

hello

like what are some fun things to mess around with such as wireshark

who needs help with hacking

damn a fish

Yeah, in my classes i am taking right now we are building a basic arch build

oh if you are gud with fundamentals start out with wireshare nmap

recon ng

metasploit

Do you know of any beginner malware to play around with?

yes i do a decent one

awesome! Ill check it out, Thank you!

could u dm me

sudo apt update all

if you are new to field learn fundamentals nd know stuff then go on to try out stuff

and dont trust anyone who sends a random files etcc

tbh its not gonna be random but reelvant to the social engineering performed at this time

Currently i am in my first block of linux/networking, I understand fundamentals come first but I feel like messing around is how I learn best

htb ??

check out #👥・new-member-guide

Trust me, I am already on my toes about everything

hmm

@ripe panther yo f@ckboy can i get a hacker role

thats kinda rude

delete the msg before a admin saw your msg

Is there a way I could download stuff without it impacting my system? Like download it into something separate from my OS to checkout before I run it on my pc?

alr late

logs exist

didnt want to be mean

I dont mind messin up my old laptop if that helps

yes its called VM

just dump an ISO of an OS in ur VM and u set

ye rather than dual booting your pc you could run a linux distro on a vm

sick, so download anything from my kali VM and I should be fine?

not entirely

Ok, so use my old laptop to play around on, how can I avoid worms?

99% you are good to go as long u dont download stuff which u dont know about

or click smthing sus

Would you know of any safe beginner malware to play with?

Or would you suggest I play with the kali packages first before I get into that

what do you mean by play with exactly ??

I'm going into cyber security and I've got 3 old pcs sitting around, I've learned in class what the victims perspective looks like and I want to infect one of my old pcs to see what the other side looks like yk?

Ive only played around with mods, (marvel rivals nude mods) and I just want something that gives me a challenge to be able to learn

^something cool

i cant guide on that

but there are rooms on thm on malware analysis

Valid, I understand why, but where can I find these rooms?

Also greatly appreciate the help

wet_cat

http://www.tryhackme.com/

awesome! Thank you so much

kindly check out #👥・new-member-guide

and roadmap.sh

❤️

marques_wtf

delete that gif

lucky i luv you

https://cdn.discordapp.com/emojis/1315913523049533440.webp?size=160

wet_cat

discord is patching the discord.py-self library and the author is not on anymore and the original fork cant be updated officially that means i have to patch it alone which i already did

but damn

pip install discord.py-self will not be used anymore

❌ An error occurred while processing the command.

fck

Server owner: @minor blade (ID: 443814498965389322)

freaking dramma beach us dawgs discord devs

Over 4month a put a challenge here nobody can solve it all you claim to he hacker

what is it bro

💀

Yea I don’t think anyone going to help with that man

Refer to #📜・rules Sounds like what you’re asking is unethical.

bug bounties

#👥・new-member-guide Have a look at this roadmap

What interests you the most? Go with what you will enjoy the most

that depends on you

it really depends on your worth

bruhdoge~1

yesh

your role on the company

Hard to answer that one. Lots of factors come in play. Follow a roadmap that interests you, start with what’s free

yesh

do what yo love

Do what holds your interest and doesn't feel like a chore to bring yourself to learn. Yea sometimes concepts and methods can be dull or you'll get frustrated working on something till you realize you forgot a } 🙃

But don't get into the rut of chasing the bag just to end up miserable doing something you hate

With passion comes success, with success comes financial gain.

To chase financial gain you'll have a hard time finding success because you'll lose your passion along the way.

Same same but different

Everyone is different. Can’t say for sure. Give it a go and see how well you learn.

Hey does someone know where I get good proxys ?

what 4

For proxychains I want to try it out but I don't find good ones for free that works

I saw that lol. But i get it, I may have missed it but do you have an tech industry experience?

Free is rough. Remember if anything is free (for the most part open source free is usually ok) you're the product.

I agree. Free is a good way to get a feel for something new.

Start bottom of the totem pole, shoot for higher if possible. IT help desk / service desk to pay the bills and get your feet wet into the industry. If you have knowledge or anyhing in a specific field you think is marketable shoot for thos jobs but everyone starts somewhere. IF you're at a help desk for 2 years but get 3 cyber certs along the way and have a roof over your head you're already ahead of most.

Avoid call centers like they're death. They are, do in house IT or MSP work if possible.

If you want a successful proxy chain, you either buy into someone else's or you build your own. You can do it pretty low cost in a home lab. 4 raspberry pi's or a decent PC running virtual box you can practice it in house.

As you learn new things your interests might shift.

Alright thx

Python is definitely essential

I guess that's a career decision, do you want to do this for work. Or do you want it to be a hobby.

+--+

sorry I am cleaning my keyboard

--

open a notepad brother lol

Unless your mind thinks the right way cyber aint a quick bag for beginners

Fair enough. It's kinda on par with asking "can i make a quick buck with chemistry" but with computers

You COULD but only if you have a natural tallent, if not then you study for years to make 1 product

pentesting is a pain in the aah

That's why i'm blue team, don't have the mind for offensive but i'm good at sniffing

Hey can anyone recomand a url checker

https://virustotal.com

Thanks

how do you decrypt chrome cookies?

or if someone knows latest chrome decryption code please sharee

we cant help you in decrypting chrome cookies, as decrypting chrome cookies without authorization can violate privacy and security policies

if your trying to access your own data you might want to look into chromes built in tools or look into an offical documentation

Hey guys New new here lol , can somebody help direct me to a simple way to delete footprints and disappear! Thanks

In what context?

My digital foot print, somebody has my info and keeps messing with me and my accounts! I’m fed up frfr so I want to go ghost online!

Thanks for responding !

man that sounds rough first thing i’d do is change all my passwords and turn on two-factor authentication you can check have i been pwned to see if your info got leaked too if someone’s really messing with you report it to the platform or even the cops if it’s that bad if you wanna go ghost start deleting old accounts lock down your privacy settings and maybe use a vpn hope that helps

I’ve been to the cops and have reports! Thank you I’ll start at the beginning ! Sending positive vibes 💯

I don't know how deleting you digital footprint is going to help. You can't even do that anyway.

Unfortunately If your info is out there and being used there is no way to claw that back. You can remove presence for new stuff getting exposed like deleting all social media and running settings on a browser that wipes cookies and blocks trackers. But it's the tried and true saying. Once it's on the internet it's there forever (for the most part)

Got you, ping me anytime you want

@marsh drum He's right as well, I gave you tips on how to protect yourself further on, but the current info thats out about you is already compromised

learning how to build a malware , so i needed that... , but its fine if you cannot do it , but would love to know if you can tell me in my dms am a ethical cs person who just like to build things....

Hmm.. Ill let you know late im a bit busy rn, @chilly merlin mind trying to be a mod for 10 mins here?

zoro as a master hacker wil speak with u in ur dms and help u

@karmic leaf @chilly merlin would apperciate help from anyone , when you guys are free👍🏻

sorry mate idk anything about malware

ai have ans

mate i jus did it it gave me an ans

Ayo my crush's mom's whatsapp no. got hacked can anyone help too impress her 😁

Like yk guys what I am sayin

no, please explain what you're trying to do, I'm sure it's ethical

(/s)

#📜・rules #1286135820008296509 We are an ethical server

Bro her mobile number got hacked and the hacker is messaging everyone for money and all you know the scammers so I was thinking if you guys can help me out to get the hacker and get her number back so that it can be safe . And it will also help me out to impress my crush so it is a win win situation like iykyk

Take it to your local police department and they will lead you from there

Thanks bro

I will for sure

Anyway yours stuff is already compromised you’re already in a sticky situation and you don’t want to make it worse by doing things what you’re not sure of doing

You know, people can spoof any number and you can't do anything about it

Just reset her phone and call the cops

Well idk about SMS, I believe it's possible as well, but for calls it's easy

Spoofing is pretty simple spoofing is when you take someone number and make it look like there calling

Yup, you just replace the CID on the Sip request, you can't receive calls but you'll get the outbound number spoofed

That's what call centers do

https://0x0.st/8Tul.png

(cost is around $30/month)

30$ month ain’t bad either fr

Ill see, I already have a really powerful remote acess trojan with me

30$ for a bit of a laught and trolling, yeah

Lmao yea

.

Hi

i mean , gov has Pegasus spyware 😅 but its not fun if you cant make it on your own is it?

i made a discord spyware in the meantime , if you compile the python code to exe and send it to someone , can they see my discord bot url? if yes how do you hide it?

You mean the token?

Don’t use discord + it’s unethical

yaaaa that

yeah they can reverse engineer it

how do you hide it?

am just making it for fun will upload it on github no unethical side

I mean everyone has their own methods

can i know yours on my dms pleaseee

hell naw I gatekeep all my stuff

uhh just obfuscate it

i dont know a lot about obfuscating , but thank you for the help , i will look it up

js makes ur code harder to read

you can shut the fk up and not scam

;)

cool feel free to dm me if u have any questions or need advice, nothing unethical tho

prefer to not put myself at risk

thanks for saying that, am not unethical, i just love building things

me too

but I prefer to not trust others with knowledge I have

Ah spot the scamer

Yk you can convert exes to image right 👀

thats totally fine:)

very often when it comes to things that can be used unethically, you have to self teach

what!? didnt know that

No worries, many people don’t but it’s cleaver to use it with malware and payloads, search on YouTube on how to do it

you are self taught!??

nobody was by my side teaching me how to disrupt network traffic, permanently damage routers, and steal login info via wifis (and same for defending against it)

damnn you have done a lot of things hahah

yeet packets (╯°□°)╯︵ ┻━┻

yeaa but I suck when it comes to web exploiting

like literally suck

I haven't done many ctfs at all

yaaa ma from cs background so idk a lot of what you are talking about but am a supporter , do well in life

so I always go for internal offensive security jobs if I get a choice

comp sci helped me a bunch too

Making payloads and everything - just not for malware; python is horrible at that

so you use metasploit

anyway lets talk some more later gotta go finish my spyware project

I've used it a bunch, there are better alternatives to it regarding network attacks tho

Thanks for the info mate

don't get scammed

Hey everyone, I need some advice on cybersecurity careers.

Do you think a bachelor’s degree is necessary to land a high-paying job in cybersecurity, or are skills, experience, and certifications enough to break into the field? I’ve seen mixed opinions—some say a degree helps, while others believe hands-on skills and industry certs (like CISSP, CEH, or OSCP) matter more.

Also, would having a degree in a non-tech field (like business, arts, or finance) add any value, or would it not really help in this industry? If you’re already working in cybersecurity, I’d love to hear what worked for you!

Looking forward to your insights—thanks in advance!

There's not really a downside to having a degree, plus if they have to choose between two candidates, one who has a degree and one who doesn't they'd take the one up.

The problem is im having a degree in Bsc(BZC) Which comes in a non-tech field, would it help me in this industry?

That I'm not sure (I haven't had a job in cyber yet.)

Appreciate your time bro 😊

yo is the new ai nuleics ai good?

Its very useful to an extent... I have a not so useful degree in aviation (Air Transport with Private Pilot Training) and zero IT qualifications but I work in IT (10 years experience, Senior Software Engineer). I started teaching myself in 2009, by 2016 I had a nice little portfolio that I leveraged during an interview to get into a graduate scheme with an IT consultancy company, they placed me with a massive client, I transferred to the client permanently after 2 years and haven't looked back 😄

I did get rejected by many organisations before that purely because I had no IT qualifications but at that time I was at least 5 times more advanced than a typical junior developer. The recruiters are mechanical at times and will throw your CV in the bin purely based on a few sentences of your CV xD Get the degree if the cost wont be an issue.

Oftentimes I’ve found that the recruiters have zero IT knowledge and are merely going off a script in front of them.

Does any laptop work for cybersecurity or is there something that a laptop needs for it to work?

min 8 gigs ram
512 ssd
4 core processor

That’s an awesome journey! If you don’t mind me asking, what resources or strategies helped you the most when teaching yourself? I’m in a similar boat, so this gives me a lot of hope!

I’m looking at the cybersecurity course and I was wondering if I can get a clear understanding of the difference of back door and root kit because they seem the same

#👥・new-member-guide

Rootkits are persistent

Rootkits are designed to remain hidden and evade detection

backdoors focus on providing unauthorized access to a system.

Oh

So the rootkit is only made to remain undetected while back doors gives the user the unauthorized access of the person computer

Got it

Bot are types of Malware but they r different

Both*

Okay thanks 👍

Also rootkits are often programmed to be persistent and stay even after factory resets

If you get a root kit - you're cooked

Ah

But with back doors it can be removed I assume?

Yesh

The resources I used back then are likely obsolete now. The best strategy in IT of any kind is having hands on practice 🙂 I'm a gamer so I turned my learning into fun by trying to learn more about programming by attempting to create a game within a game engine. I also love robots so I delved into Arduino and recently Raspberry pi.

Right now with the rise of AI, learning is way easier. Do the theory, ask the AI (ChatGPT, Claude etc) to explain in simple terms, perhaps with ascii diagrams, and practice practice practice. Below are some of the stuff I have found useful to me:

(shall send in multiple messages because I dont have discord nitro) ...

Theory:

• I heavily used this site and consider it the most helpful for me though likely obsolete now: https://www.w3schools.com/

• This channel taught me C#, Android and some C: https://www.youtube.com/user/thenewboston

• This online book taght me the utter basics of Machine learning concepts: https://natureofcode.com/

• When I wanted to implement the Machine learning concepts in Java, this taught me backpropagation: https://mattmazur.com/2015/03/17/a-step-by-step-backpropagation-example/ (do not fear the math).

• This is AI learning heaven: https://community.superdatascience.com/courses

• This is AI model heaven: https://huggingface.co/

Practice:

• You 100% need to learn how to navigate a Linux operating system whether in Cybersecurity or Software development. The best way to practice is on an isolated, disposable machine. This is where Docker comes in: https://www.docker.com/ . It allows you to spin up containers of various operating systems on your windows machine. You can experiment, test your code, go wild! But do not use it to practice Cybersecurity concepts (because of the risk of you accidentally running say, a network infecting virus).

• For Cybersecurity, use https://tryhackme.com/ after learning Linux.

• As you create projects and grow, you will find that making mistakes and reverting to an older version of your code can be mindblowingly tedious. Learn to use version control for your code: https://git-scm.com/ and of course make yourself a Github account to store backups of your code and if you like, make it public for the community to use: https://github.com/.

• Github is an EXTREMELY useful place to find all sorts of code libraries and snippets. Most programming languages have an "awesome list" of learning resources on Github:

• https://github.com/vinta/awesome-python,

• https://github.com/sindresorhus/awesome?tab=readme-ov-file#learn,

• https://github.com/avelino/awesome-go,

• https://github.com/oz123/awesome-c,

• https://github.com/akullpp/awesome-java,

• https://github.com/uhub/awesome-lua,

You'll notice I have included many AI related links - because you must have an awareness of what is happening in that area of IT. The entire IT industry is at a turning point and to future proof yourself you must learn whatever path you want plus some AI basics.

If you want to build AI Agents, Flowise is open source and configuration is done visually : https://flowiseai.com/

Also may I add, you will never learn everything in IT/Cybersecurity because the learning never ends, so be efficient, know what you want for your future and pick the path of least resistance - like electricity 🙂

Hy guy's is there a yt channel that teaches how to begin on cyber security

#👥・new-member-guide if a good roadmap

Using the roadmap as a reference you can search YouTube for the specific topics

Tons of info out there

Thanks

I hope that helps, it's good to follow a roadmap when starting out

Sure, feature improvements of what though?

specify...?

Invisibility functions for what

..?

u need help about improving something for invisibility which u first want that person to go thru an interview?

Alright what should I use for sqlmap proxychains with TOR or a vpn if a vpn which one cuz idk any for kali Linux

you barely specified what you even need advice with

what, a malware?

Like for bruteforcing entries with sqlmap?

I mean both works but proxychains are always better

Alright

I’m prob gonna use socks5

for external id use tor routing prbably

Just have to find a proxy or I could use local host

I don't do much external pentesting though, mostly internale

internale

internal*

I was planning on using tor

So wifi/local network attacks and such

Where I just need to spoof my network adapter card manufacturer, and a few others like the packets it sends, mac and local ips

those are far from good options

I just have to figure out how to get proxychains to work again considering it’s being a pain

I’ll continue tomorrow

I have basically everything ready it’s just that I had a issue with waymap and proxychains

tor proxies is good enough

For some reason it kept timing out

your gatekeeping is pretty useless, there's not much more anonymity you'd need

Probably did something wrong in the .conf file

Should I just use dynamic?

huh dynamic what

proxies?

told u my suggestion is tor routing

In the .conf file you have multiple options

Chained,dynamic and another one

Through proxychains?

tor routing??

it's pretty public info

anything further for anonymity is useless

uhhh no

iirc you can do it with tornet on github

saw some Indian using and advertising that tool

Check it's source code first tho lol

I low-key don't rly trust it anywah

anyway

Yeah which would be overkill anyway, for the task he's doing

Can’t I just use proxychains through tor?

Or would that be slow

Well I would need to find a proxy first

That is decently fast

I told u, try tornet

Also on some proxy’s I see anonymity: transparent

What does that mean?

Are you using public proxy lists?

It’s more used for online web searching not sqlmap, nmap etc

Looks like it

No, it can be used for those as well

obviously, me neither

https://cdn.jsdelivr.net/gh/proxifly/free-proxy-list@main/proxies/protocols/socks5/data.json

It’s a json

Wouldn’t the IP changing thing interfere with sqlmap?

According the the GitHub thing it changes ever 60 seconds

You can change it though

Yea that's the default value

You can also just out it to an infinite delay

And just stay on one tor router proxy

check it's source tho first

It’s in python

yea ik..?

https://github.com/ayadseghairi/tornet

That one?

Code seems fine

ya

Low star rating is sketch

if u say so

I’m not really seeing anything weird

Take a look at it if you want

Too lazy and on mobile

I barely know python but the pip install requests are normal and there isn’t really anything weird or odd with it so far I can see and having low GitHub rate isn’t weird I mean waymap a program I use has a low star rating but I know the dev and its safe

Waymap scans for sqli, xss etc vulnerability’s

Nvm this guy is too dumb

To hide a virus there

Oop

Sec

?

def is_arch_linux():
    try:
        if 'arch' in platform.platform().lower():
            return 'arch' in platform.platform().lower()
        elif 'manjaro' in

 platform.platform().lower():
            return 'manjaro' in platform.platform().lower()
    except:
        return False```

His code is absolutely amazing

And mind blowing

Wym mind blowing

Sarcasm

His code is the same as writing

Which two?

If 2 is a number, 2 is a number

Absolute master

I’m gonna try it out tomorrow now imma gonna sleep

If it doesn’t work than idk I’ll figure something out Lol

It could depend on how invasive your goverment is, what country are you from if it's not a secret?

I graduated in december with my cybersecurity degree and I have security+ too. But i am having a hard time getting a job, even interviews, applied to over 200 jobs and only 3 interview calls. Anyone got any advice for me? in the mean time ive been playing around with HTB.

is it even possible to land an entry level cybersecurity job without having a basic IT job first ?

They deffo help correlate with each other

Make your resume stand out

Add a special project

Something like that

Or an achievement

do you mind checking out my resume if i send you in DM if u dont mind and have some spare time. ?

ive been doing HTB

i personally feel like my resume is good. but yk you get biased so idk. I heard lot of these resume go through automation before a recruiter even sees it. like 200 resumes and automation bot only forwards like 10 to recruiter based on metrics or whatever

im probably getting rejected by Ai at this point 😭

ats u gott tailor it based on job

they use specific keuyword to filtet out resume

yeah thats what im starting to do. im gonna use the important keywords and put them under my skills bullet point section.

the more the occurence of keywords the high chances

u cant send an red team resume to a blue team job yk

yeah right

I think on one of my first resumes fir an senior internal network security job (which also skipped me some levels of promotion and landed me a higher wage thancexpected) was my achievement of being able to hack and compromise the entire school network back when I was 15, which was against a network with an IT technician actively securing it, but I still managed to get access to any school account and teacher account that was active at that time on the network, which would include hijacking the dashboard for changing grades and attendance scores

sure feel free to send

get ur resume evalusted by a professional pentester

wow thats impressive.

he will give u a realuity check

bruh

it wasn't hard but it just showed a talent from a young age and such, helped me lots

It's not something I like bragging about, but it's reality, and it helped me lots

technician skill isue

obviously all was done ethically with explicit permission and I told a way to fix it after ;)

and u cant expect this guy to hack a network

rn

Very much, his salary was pretty good

💀

Sincara?

yea

thats ur story he's not gonna be same

Well yea, but I was just giving an example of making your resume "stand out"

I toldvhim he can just add a project that he's done or spent some time on

@reef drift trst ur gut . keep pushin as far as u can .

im not the one to give advice

and send that resume fr

do u know AD?

sincara

see the problem im facing is idk where u guys live but I live in Virginia which is a high military area, almost 90% of these actual cybersecurity jobs are asking for 5+ years of experience and the ones asking for only 1 year or less experience requires you to have active clearence before starting which i dont have. So im starting to apply for basic IT jobs like IT help desks and such which im not sure if is the best way to do things and was hoping to climb up and get into cybersecurity within the next 5 years. or plan B is to serve in the military for 4 years in IT to get a clearence hoping the clearence will help me land a cyber job faster since i already have the degree. What are ur guys thoughts

ok 1 sec

active directory? not a lot but im learning from youtube rn. tho i changed my resume and kind of bs and added that into my skills lol

so this the tric that compmany plays to lower ur salary . those are overkill

i would have applid for remote jobs

try to do a cert

i have security+ rn. but looks like they dont care about that and want actual experience

funny part is applied for couple cyber internships and got rejected like bruh

they expect me to grow experience from a tree

as i said thats a trick

dont fall for that

ohh didint know it was like a phycological trick. it totally makes sense tho. but yeah im still applying to jobs asking for 3 year expereinces

if u have sec+,companies will take u in a flower boquet

dw youll make it

yeah im really hoping to land a job within 2 months. I just heard there is so many people waiting to get IT jobs and only so little openings.

what do you do?

if u dont mind me asking

im a student rn

nice. what year

final

💀

u got any interships in ?

will be on streets on no timr

remote 1 month durations

yea

oh ok. thats better than nothing

💀

u have sec+ fella

u should prob get urs too.

majorit of actual cyber jobs asks for it

its a requirement

ill look into elpt

sec is not my type

is ur majory cybersec?

no minor

oh whats ur major

it

oh okay. wouldnt it been better if it was the other way around ?

elon is daddy 😭

cuz dosent cyber make more money than regular iT

lol

i wasnt able to secure a seat

and my knwledge is low

dk wtf is cyber until i got into college

wokeup and decided to pursue cybersec one day thats all

ah gotcha. well its still good that u have it as a minor.

from a big college

xd

what college u going to

throw ur resume

IIT

whre is that

google

xd

oh ur in india?

ye

no racism

that makes sense. I was expecting an american college name when u said big

hah no

what u expect stanford

hell nah

Depends on the country / Industry / Level of seniority in the position and company.
Cyber sec is kinda in the middle of the range, Senior software engineers are usually the top of the totem pole with pay outside of getting into Manager level pay which throws averages off.

The thing is tho how long are we going to need software developers considering a lot is being done by ai now

hello guys i just joined the channel and i wanna learn cybersec where do i start?

AI still has a long way to go to make fully functioning programs. It's a tool that is leveraged by engineers for very low level code but still requires human tweaking and debugging.
Cognition's Devin AI was a very big showcase of this. There are multiple videos and articles on it but here's one
https://www.theregister.com/2025/01/23/ai_developer_devin_poor_reviews/

Not to say it Won't surpass a human dev and be able to take over but with vulnerabilities with AI Poisioning and future security risks with AI still not leveraged it's still going to be a viable career path for a while.

#👥・new-member-guide

Do you have an idea of what branch of the field you want to go into? It's unfortunately very VERY broad

NO idea but what would you recomend for a newbie like me?

What would you say your IT knowledge is in a broad generalization. Are you currently working in an IT field and want to pivot to Cyber? Just out of College looking for direction? Still in school?

thank you imma check it out

Also this is a good resource for career planning. I'm going to see if i can get the mods to add it to that starting point channel since people wanting to go into "Cybersecurity" don't know that's like saying "I want to work in IT" waves broadly at the 5000 different job titles in IT lol
https://www.cyberseek.org/pathway.html

finished highschool thought of persuing psysiotherapy but i figured that i love computers

incredible

Can do stuff in your free time. Depends on if you want to make your passion/hobby into a "job" as they both carry different weights. Obviously a hobby you're your own boss, don't have crappy coworkers and can set your own time to do it. Career you get more access to enterprise tools / pay associated with doing your job etc etc.

im free till end of march,after march imma get a job but for the time being i can learn something

best of luck. The field is very competitive for entry level position so don't be discouraged if it takes a while to get started into it.

appreciate it

I have a question

same question that you posted in general chat?

No

How to stop ads on YouTube