#👥・help-me

Oh

Okay

honestly bro

its not that big

of a deal

at all

Yea

Only $2

☠️☠️☠️☠️☠️ I've been yapping the same

also

you dont need a wifi cardcd

for network pentesting/wifi hacking

ur pc's inbuilt one is more than enough

huh?

what about packet injection

de auth all that

Alright thanks to both of you.

u can semi/send packet injection without monitor mode

And another thing, i’m new to this what is a 3DBi antenna?

deauth isnt very viable anymore

newer frameworks ignore de auth packets

second of all its very detectable (with practically no way to hide it)

got any video on it

ill find one

after i finish studying

☠️

procrastination rn is insane

who cares about logs when attacking neighbour

lmfao

☠️

third of all, i would only get advantage from starting an attack on the network everyone is connected to instead of making an evil-twin that wont ensure everyone would connect to anyway

Hello👋 every one my name is Umar faruq

its not easy to make attacks on the network youre already connected to

hard*

hello wlc

Thank you

is there a url checker

like does any1 know how to check if a url is safe

you can try this:

https://www.browserling.com/browser-sandbox

thanks man

yw!

urlscan.io

https://virtustotal.com

Only two hours late

😄

What was that wall of text lol

The bot immediately blapped it

Hey 👋🏽 I'm trying to troubleshoot an issue I am having with installing a dhcp server in my virtualbox environment. I am on a macOS v12 system, using the terminal. I have virtualbox installed and two virtual host. But when I run the VBoxManage hostonlyif create, I get an error message.

buddy

stop

bot aint letting u pass the second time

Can I get help with my old Instagram account? I forgot my password

https://www.instagram.com/accounts/password/reset/

yes contact supprot

oop

I did still couldn’t get it back cause I don’t use the mail and phone I used to have

Then you're out of luck I'm afraid

Anyone who says they can help for a price is just going to scam you @exotic dune

Well I just got a message from one of them😂

Yeah

Ignore them

They can't help you

(and maybe report the person that DM'd you to a mod)

Sure bro thanks man appreciate the heads up

Those people are vultures... like, really stupid, horrible mean and stinky vultures

...and comparing them to vultures is unfair on vultures

😂😂very true

I need help

Am a beginner

I want to become a professional hacker

#👥・new-member-guide

I wanna get this script but its a exploit that you can run in a executor but its protected by lua armor is there any way i can accsess it

currently inside ctf need a bit of help with fuzzing

well, what's meant to be encrypted would stay encrypted

unless you're the one that made the encryption

and you have the keys

Still pretty new, just tired myself out putting together a demo network and decided to test packet tracer MU mode, but did so with serial connections. Someone smarter able to confirm the likelihood that was my issue, and that I should have been using copper straight through to connect to the MU cloud in both instances?

Are there any good virtual machines like the windows plus one if so can you send me the link in dms ?

i'd google about serial connections, and the differences between those and the copper cables

there are several virtual machines, but what do you need specifically?

Given the conflicting information I've been finding saying things both ways, I was really going for a "yes" or "no" to give myself a reference point for where to start reading.

anything that allows for me to tests malwares and stuff and it wont affect my actual computer

hyper-v offers distributions of both ubuntu and windows 10, 11 on their platform
it's easy to deploy, plus windows has a sandbox feature you can turn on that's much more preferrable when testing for viruses or malwares as it is meant entirely for that

I find it difficult here and if only

Is this place only accessible to PC users

Are you mobile ?

Ello all, getting started in pentesting and wanted to know the best ways to setup VMs? I've seen people create windows/linux OS's on their VMs (im using VirtualBox btw) and set them up so they can clone them for reuse. Just wondering if this is best practice or if there are better ways / templates I could possibly download that are setup well already?

No wrong way to start, virtualbox is the most user friendly IMO, later on if you're serious about cyber, you'll branch out to something more centralized like proxmox or esxi (which is free now)

Gotcha, im saying moreso for the actual OS's though on virtualbox, I'm using the parrot sec linux right now, but im wondering if there are better ones to use that are setup really well or is parrot sec fine

Parrot is fine, I personally use kali.

Helpful?

Yeah thanks, is there a good way to learn the work flow and process of pentesting. What I mean is like common apps, resources and tools to use when pentesting. I assume I'll learn these along the way with HTB or certs but thought i'd ask anyways.

It all comes with time. You're on track with HTB though.

I advise you to make feasible goals. For example. 'Try hack me' has a great module called "introduction to cyber security" it'll give you a rundown of what you should expect

Alright thanks a lot i appreciate it! I'm lookin to get into bug bounty hunting eventually but im only just getting started so not setting too many large goals yet, just getting the lay of the land first as its always been a passion

whats a RAT

and whats phising ?

Google it 🙂

Sure, people here can answer, but get in the habit of researching for yourself @unkempt tree

Floppy flower to you too @unkempt tree 🥀

plz

if you know the answer why not tell me

If you want to get in to this field, you need to learn how to research

You could've found the answer by now

"what's a RAT"

"what's phishing"

Real quick

idk how to research

just send me the answer

Do you know how to Google?

no sir i dont got google i live in north korea

Riiiight

Then how are you on Discord?

💀

I find it hard to believe NK would allow access to Discord

the supreme leader himself allowed it

https://tenor.com/view/shagarita-shalymar-shalymar-rivera-shalymarrivera-shalymar-rivera-gonzalez-gif-6246677886404709438

lol

LMAO

https://tenor.com/view/autism-autistic-sped-drums-fat-gif-2665520869773976413

Oh wow, the supreme leader! You met them?!?

eh

hey y'all, any advice? TOR browser is not loading anything. connection attempts time out. checked that it's connected to TOR network and it is. internet test says it has internet. can it be blocked on the wifi i'm using? OONI probe suggested to see if TOR is being blocked? but i'm nervous because of the warnings that network managers will be able to see that i used it...

Do you guys know how to create a botnet ?

#1286135820008296509 #📜・rules

Uh

Is a botnet unethical?

How would you use it?

Well night night, hope you find someone else to play with.

Uh ethical reasons

How so

Uh

Ethical

Plz just tell me

Ok ok, I'll answer you.

Yes.

Bro said ethical reasons

😂

It’s possible that the network you're on is blocking TOR. Some Wi-Fi networks, especially public or workplace ones, restrict access to the TOR network.

If OONI suggested a block, it's likely the network has flagged TOR. The concern about admins seeing the connection is valid, as they’ll notice encrypted traffic to TOR nodes. A VPN will help conceal that.

Hi guys is Tolulope Michael legit?

I have plenty reservations and have no idea how to advise my friend

New here, just wondering If any one can give me leads and refer me to get placed at apple(any IT role )
POV: no hands on experience. Super fresher. Done my ug in CSE & pg in IT, recent grad

Gotta use a bridge

I’m not saying no more

Bombastic side eye

Look for reviews or testimonials from past participants to gauge the effectiveness of his programs.

Ait ait

Start by optimizing your LinkedIn profile and connecting with Apple employees, especially those in IT roles or recruitment

Look for internships, apprenticeships, or trainee programs. Even contract roles can open doors.

Also, Apple sometimes participates in university hiring drives and tech conferences.

Bruh doing Sec+ is such a trek, its not even hard but is literally the most boring thing ever.
(And before anyone says something yes I do love learning it all its just when you start doing pentesting stuff as a hobby going back and doing these seems so counterintuitive but necessary)

Any advice on how to stay engaged lol

.Once you get a taste of the hands-on fun stuff like pentesting, going back to study theory can feel like a chore. But since Sec+ is a solid foundation,

Try relating the theory to your pentesting experiences. For example, when studying network security, spin up Wireshark and analyze some packets 🗿

Don't just stick to reading. Watch videos from channels like Professor Messer or NetworkChuck to break the monotony. They explain things in a pretty engaging way. Fr

Explain concepts like the CIA Triad or threat vectors to a friend or even out loud to yourself. 😉😉

Hahahaha appreciate it. Love this response 😂

It's just one of those things. After friday I wont have to worry about it anymore but yeah thanks lmao

Just gotta power through till Friday and then it’s freedom XD

The thing I hate is that its ALL read and response stuff, like Whats the best XYZ for ABC? And then multiple choice. It would be so much better with some practical applications integrated with it but I guess thats not the point of it at the end of the day. It's to just teach basic cyber principles and practices to newbies ig.

Sec+ is like the cybersecurity version of cramming a bunch of theory without getting your hands dirty 🥲. It’s all about checking that you know the concepts, not necessarily applying them. It would be way more engaging if they threw in practical labs or simulations to break up the monotony. 🙂

once you’ve got the cert in the bag, you can pivot to practical stuff like CTFs, bug bounties, or even TryHackMe’s Blue Team and Red Team paths. Those give you that hands-on learning that actually sticks. 🗿🗿🗿

Yeah my ADHD cant handle the boring stuff 😂 I gotta do the fun things bahaha

Yesyesyesyes thats exactly what I wanna do. I've got very basic pentesting knowledge so my plan is to do Sec+ and Net+, move into some crappy Level 1 or 2 IT role and do my PenTesting certs whilst working there, and then doing CTF, Bug bounty and related things at the same time

ADHD and dry material are like oil and water. The trick is sneaking in the fun stuff maybe after each study session, reward yourself with a little CTF challenge 😁

Wow thats actually not a half bad idea at all

Getting Sec+ and Net+ under your belt will definitely open those entry-level IT doors, and once you're in, everything snowballs from there. The hands-on experience you'll get in a Level 1 or 2 role will build that foundational knowledge, and stacking pentesting certs like eJPT or PNPT on top of that? Chef's kiss. 🥰🥰😘

Good to know my plan was right all along haha and I wasnt doing this for nothing

The C certs are also better then CompTIA if you want to pay for them.
Ccsp
Sscp
Cissp
CC if your entry level

You're building a killer career path one CTF flag and cert at a time!

So my ideal certs (subject to change based on this convo) would be this in order from getting it now to getting it last:

Sec+
Net+
(Maybe) MS-900
(Maybe) CISSP
(Maybe) CCD
PenTest+
C|EH
PJPT
PNPT
OSCP

And then also to do TryHackMe, HTB etc inbetween those

How much would this all cost

Too

Much

But gotta spend money to make money i guess

I mean I'm paying 50k for a college diploma hahahh

I don't think more than that

You’re covering all the bases from foundational knowledge to specialized skills.

If I were to tweak anything, I’d say skip MS-900 unless you’re heading toward a sysadmin or cloud role, and maybe consider eJPT as a cheaper, practical alternative to C|EH

Oh yeah f*** that i was doing a Bach in Cyber Sec, dropped it a month ago because after talking to previous colleagues, friends in the industry and other experts, they said yeah its good, but will never be as a good as high level certs you can achieve in the same or even less time that will ultimately benfit you more for specialized roles such as PenTesting

I've never heard of eJPT ill check it now

My college diploma is more of a dev diploma

eLearnSecurity Junior Penetration Tester (eJPT) is a really good entry-level cert for hands-on pentesting. It’s more practical than C|EH and often considered a better option for beginners looking to break into cybersecurity.

Yeah gotcha, not really sure how diplomas and such work or college, im from Aus so depending on where you're from it could be different

They appreciate those in here

Ok cool, but for employers don't they like C|EH quite a lot?

Yes, C|EH (Certified Ethical Hacker) is widely recognized by employers, especially in larger organizations. It's one of the more well-known certifications in the cybersecurity field and is often seen as a benchmark for ethical hacking skills

Gotcha gotcha, if you're going a dev role as well then it will probs be better

@magic ginkgo If you're just starting, eJPT might be a great practical introduction, and then later you could do C|EH for the recognition it offers.

I just want to have my own little company later on so being knowledgeable in all these domains would help

Smart yeah was just about to say that

Do you reckon Pentest+ or eJPT first @mental tendon ?

It depends on your current knowledge and goals

If you're already familiar with basic concepts (like networking, Linux, and some basic hacking skills), eJPT is a great place to start.

If you’re looking for more hands-on experience right now, I’d suggest going with eJPT first. It’s a great starting point for someone wanting to dive deeper into penetration testing.

Ok yeah cool, I've been messing around with linux kind of just nmapping my own network and stuff just to mess around and such but nothing to serious just yet, just testing out random tools that come with Parrot Sec.

So yeah ill probs do eJPT first then as I feel like (following comptias trend) PenTest+ will be more theory based and I just cannot be bothered with that to start with Pentesting certs bahaha

@magic ginkgo eJPT is definitely a great choice if you're already exploring Linux and tools like Nmap on your own network. It will help you build practical skills and get a feel for real-world penetration testing tasks, without diving into too much theory.

By doing eJPT first, you'll be able to gain hands-on experience and build a stronger foundation, which will make it easier to transition into more advanced certifications later, like OSCP. Plus, you'll get more comfortable with the tools and techniques you'll need for bug bounty hunting and CTF challenges, which you can start practicing alongside your studies.

Cool cool, regarding bug bounty hunting, what's the best way to practice for that. Would CTF be the closest kind of thing to it? I already signed up to BugCrowd just so im ready for when i start but it's a weirdly scary thought to do bug bounty hunting idk why haha

It’s completely normal to feel a little scared before diving into bug bounty hunting — especially since you’re dealing with real-world systems and vulnerabilities. But remember, bug bounty programs are designed to help you. They provide a platform to test your skills on live systems with legal permission. Everyone has been there, and even the best hackers started out feeling nervous.

Create a local environment to test vulnerabilities by setting up your own Vulnerable Web Application (like DVWA or OWASP Juice Shop). This gives you complete control over your testing environment and lets you practice various techniques and vulnerabilities safely.

Platforms like HackerOne, Bugcrowd, and Synack all have beginner-friendly programs where the competition isn't too fierce, and you can gain a little more confidence.

You're talking about this right? https://github.com/digininja/DVWA

What's the difference between that and just doing CTF's?

Also (and sorry for all the questions) what's the best way to hide yourself? I mean I know theres the simple answers like VPNs, proxies etc but when it comes to all this I always get worried I'll slip up and leave myself vulnerable whether its through the network or some other means.

As for DVWA vs CTFs — DVWA helps you focus specifically on web vulnerabilities and gives you more hands-on practice, while CTFs provide a variety of challenges and offer a broader skill set in security. Both are valuable tools, and you can use them together to build a well-rounded skillset for bug bounty hunting.

Anonymity and security are important while engaging in penetration testing or bug bounty hunting to avoid exposing your real identity. Using a combination of VPNs, Tor, burner emails, and isolated environments (VMs) is your best bet to remain anonymous.

Never use your personal email for any hacking-related activity. Create a separate, anonymous email (using a provider like ProtonMail, Tutanota, etc.) for signing up for bug bounty platforms, forums, or anything related to your penetration testing activity.

Ok cool appreciate it, regarding Tor is Mullvad a suitable browser? I've got it and to my knowledge it is pretty trustworthy but I haven't dug into it a huge amount @mental tendon

Yes, Mullvad is definitely a trustworthy VPN service, and it's known for its focus on privacy and security

Why does this sound like a ChatGPT response

Not as a VPN, I use Nord for VPN but mullvad as a browser

Lowkey ive been thinking that too but I thought maybe he's just intellectual like that lol

Mullvad Browser is a great choice if you're looking for privacy while browsing,

@magic ginkgo

you’re already using NordVPN, it’s still a good idea to use Mullvad Browser if you want to enhance your privacy 🗿🗿💯

The em dash gave it away that it's likely a chatgpt answer

fair enough! I try to be thorough and clear

! I do have a habit of using the em dash, don’t I? I’ll work on making it feel a little more natural l

Nahg

Bro is a bot

Aint no way

@mental tendon Have you actually been making me chat to ChatGPT this whole time

I'm a linux noob, and am dipping my toes into cybersec. However, I've been using a gaming distro to get familiar with the UI.
What's a good CS distro to begin with? I'm guessing going back to Ubuntu would be my best shot, but figured id ask anyway.
Apologies since im sure this has been asked before.

Haha, no, it’s all been me, I promise 🙂

im familiar with Nobara (fedora variant) and KDE Plasma (steamOS)

Kali Linux and Parrot Security OS

I use Parrot Sec, but most will use Kali

Just playing devil's advocate.
Isn't Kali the kind of distro you don't use unless you're certified or specifically trained to use it?

Stick with Nobara/Fedora

The reason why you use Kali is simply because you all have the necessary tools for an engagement.

it's a specialized penetration testing and security auditing distribution, not intended for general purpose use.

Kind of, it's just designed more-so for people who know what they are doing. You can use it if you really want, but yes it is tailored toward those who know what they're doing.

If you want something easier Parrot Sec is what I use and used to get started as its meant to be easier.

duly noted. thank you guys for the input. if i was to pick either of those distros for carrying myself through college (or straight cert grinding), im guessing parrot would be the better option?

Depends what you're doing in college

But generally yes

People will often start with Parrot Sec and later down the line move to kali

im aiming for linux admin work, but i know its going to be a while before i get to that level

noted

The majority of people use Windows as their main OS and run the rest on a VM.

Oh yeah Im hoping you're doing this all on a VM lol

would you be mad if i said no? lol

No but, you can create multiple machines with different distros on a VM which will be MUCH more practical for someone trying to get into linux admin work

Then you better start doing it. You will probably kill your VMs a few time in the learning phase.

noted

So you can restart if you mess up easily, clone different machines, test out different methodologies etc.

Hi everyone, its cyberhat here. i would introduce myself as a very beginner in cyber security and ethical hacking and i would love if you all help me learn cybersecurity

to put it into perspective how much of a network and code scrub i am, i built my first python-based discord bot half a year ago, and im learning C# to do the same

Depends what the bot is doing

true

What do you need help with? Biggest thing i've learned in Cyber is that you do the learning and research yourself as those are very needed aspects within cyber, being self-reliant. The purpose of this cord is to help with more specific issues whilst you're learning. But you should be trying to learn by yourself to start.

okay. parrot for the distro, then start tinkering with VMs. thank you guys again for the advice. i very much appreciate it

Personally, I just wouldn't even setup a dedicated distro on a computer. I'd run it all on VMs. But im a junior pen tester so my needs will vary to yours.

from my perspective, i kind of loathe windows, but that's personal reasons. i know its a necessity (meaning windows), but if i can be familiar with other OS's in the long run, it's what makes me happy

Each to their own I guess. You do whatever makes you learn, discover and digest better for your own needs and goals. But, HOW could you not like Windows 😂

ohhh suree suree. I randomly got to know about this server and yeah whatever you told that is true and i will surely start learning but can you give me some tips how can i get started properly 🙂

NDAs, can't really talk about it.

sounds cheesy, and corny, so i apologize, but yeah. hate windows

Damn well that's unfortunate. Are you looking at using linux as a full-time OS you'd run off of?

exactly. i have a dual boot nobara/win10 pc for my main driver, my steamdeck is my mobile driver, and im getting a laptop soon that ill put a third distro on

it's not as crazy as it sounds, i promise.

https://www.youtube.com/watch?v=_bF-3Dncmeo&t=55s&ab_channel=MadHat
Look at videos like this one and start your journey

Also look at doing certifications for whatever field you'd prefer to specialize in and do them
https://pauljerimy.com/security-certification-roadmap/

Jeeeeez welp it definetely sounds crazy to me. Sounds like a lot of effort I would never wanna do hahaha. Just keep in mind if you use linux as a main OS, there will be a lot of things you cant do as it's not a widely used OS like windows when it comes to personal usage and application

thanks alot dudee. I appreciate it

All good, good luck in your studies!

thankss man

oh im quite familiar with that. I do video game modding, and running modded Valheim on Nobara isn't the easiest thing.

can anyone help me understand this so i have a forgotten game and i want to make a offline and unlocked charecters and stages of a game called hero fighters pc version but dont have a clue of game codding or anything like but want someone to do it for me and create a video of what they did anyone can help (and if its right or wrong to do it in what cases too)

playing darksouls kinda permanently shifted my focus as to understand what "fun" means

Hahahaha very true

Can anyone help me with thm ctf currently stuck at a task. A hint will also be appreciated 😊

what task you're stuck on

Task10 i fuzzed that whole sote tried curl cmnd and xss also checked source code if there is any hint didnt got a single lead after all this
@mental tendon

Double-check the URLs and any hidden form inputs in the source code

No bro checked it

Try expanding your fuzzing to look for potential subdomains. Sometimes, the vulnerable part of the site can be on a different subdomain. fr

Did subdomain enumeration also
There is another port open of ssh but login is denied

addition to testing for XSS, try testing for things like SQL Injection, LFI or RCE if you haven’t already. Sometimes the payload is a bit different.

try brute-forcing the SSH login using tools like Hydra or Medusa. Weak password may be there sometimes the SSH banner might reveal useful information about the system

I tried that {7*7} cmnd but after that also didnt got anything

Ok i'll try that
There was some hint that it broke through its internal network

check if the site might have reflected or stored XSS vulnerabilities.

Its not reflecting but it is storing the xss

try basic SQL injection payloads to see if the website returns any error message

vulnerability might be in a part of the website where data is stored

From my enumeration i didnt got any sql port open or any database running on system
So will it work?

Thats the point data isnt getting stored its an encryption tool pgp

SQL injection specifically might not be possible on that particular system.

sounds like you're working with a sensitive data flow, where encryption is used to secure the information.

Yes it does have a port 80 open but just apache is running no any other dir are there

Through ffuf i got a console dir but its giving me bad request

only Apache running on port 80 and no other directories or web services are exposed, you're somewhat limited in terms of the attack surface,

Yes so you got any ideas😂

Try sending a GET request to the /console directory if you're using something like POST by default

Its giving 404 error

Tried it through curl

Check for any hidden files or directories

Tried post and put and delete but every time i got either bad or 404

it means that the server can't find that specific resource at the URL you're using.

How? I did every tool i know for dir busting
Dirbuster,gobuster, dir,ffuf,wfuff

And tried whole seclist files

Yes i think its using proxy kr something but after that also didnt got anything

Look for JavaScript that might reference files and folders.

specify extensions to try while fuzzing, such as .php, .html, .txt, .bak, .zip,

Tried extension fuzzing but got 404

Tried those basic such as /admin, /server, /.config

And used word list also

you got a 404 response is useful, but you might also be getting 403 Forbidden or 301/302 redirects ,?

Nope

I think i got a 403 but not on proxy i got it on javascript dir so i got console and JavaScript with bad request

try using a more specific or comprehensive wordlist designed for web applications.

Do you have any in mind?

FuzzDB

Like i just know seclist and the wordlist

@magic parcel

Any GitHub link or where can i find from?

https://github.com/fuzzdb-project/fuzzdb

Ok bro thnks
big help man

guys i need help on the grey swan challenge i dont know if you could assist me

Could you provide more details about the Grey Swan challenge? What part are you stuck on?

can anyone recommd me some good tools for OSINT

anything in particular?

there are tools that are better with finding emails, others better with finding phone numbers

and so on

Yeah to this ^ As well, you can have a look at #🕵・intel-and-investigation and look at the pinned messages. Lots of good resources and tools there.

images as for now

oh ok thank you i will check that channel out

Bro again coming in just to question people 😂

🤣 🤣

You got me rolling🤣 🤣 🤣

Hi guys i am currently studying Systems and Networks and i would like to develop my skills to become proficient in Cybersecurity as well can you provide suggestions or guidance to help me progress in this field? Thanks 🙂

#👥・new-member-guide

I passed out after messaging lol sorry for adding and dipping. I would say get the certs to get you employed then talk to your employer about subsidizing or paying for more certs.

Yeah agreed

How do i make a zipbomb or is there any good zipbombs i can get ?

#1286135820008296509 #📜・rules

We don't help with illegal/unethical activities

Its for testing my computer and VM

We aren't chatGPT either.

https://tenor.com/view/poochx-poochx-elon-gif-24420629

Uh well

elon sucks

https://tenor.com/view/shocked-elon-musk-saturday-night-live-wait-what-confused-gif-21520286

his stocks are results of his stupidity

His or the peoples ?

His

Take tesla for exame

How do i access someones network ?

#1286135820008296509 #📜・rules

Fine fine

Hi everyone can anyone tell me where and how can I start learning Cyber security

I think this is racism is it cause im a black hat

I just wanna access my own network

Yes, I’m overthinking and overwhelmed with cybersecurity right now.

Yeah so the stocks rise because people are investing right ? How is it his stupidity then

Your question was someone's and not your own, stop lying

Typo

Sure

No we are good people and have all agreed that the ethical way is the only way

ok

Yes

Unless we are not supervised (jk)

Please don't go there.

@mental tendon bro tried everything nothing worked

check for virtual hosts using tools like ffuf or gobuster with vhost mode might be something hidden that way

Great i'll check it

good luck let me know i

Sure

Got some 403 and 301 erros it is good but how do i access it? On 403 error its ./htaccess and ./htpasswd so these are imp files

Can i get tools ?

There are a few millions of tools

What tools you have ?

Are there other discord servers like this one ?

In your opinion, what does the "tool" need to do?

You need to be more precise.

Network

htaccess and htpasswd are usually used for authentication or configuration to bypass or view them you could try directory traversal techniques or check for misconfigurations

Instead of "learning" tools you better get a good fundamental understanding.

If you know the basic, you know which tool to use.

Nmap

Only tool you need

What about Netexec

Nmap

Netexec

Nmap

Use both

Half and half

Both I agree

rustscan is the move, faster and more effecient + you can run nmap commands with it

That's too much for my punny brain to get

Not enough knowledge yet

Rustscan is the same like nmap just better

How so? usage is very straight forward imo

I'm just joking hahah

simply an upgrade

I might have to use it

Never used it yet

thought you had some questions about it 🤣

And you can run it as a docker

give it a try and thank me later

Nah just haven't crossed paths with it yet

Btw

installing is easy and usage is easy. you got questions with it just hmu my dms are open

Yeah but basically how do i access my Network and upload files to it like from my phone to computer without going on the computer just using IP and network

Do u guys have any suggestions for DE's for arch

I'm thinking of swapping over

Heh

Phone ?

Just use OneDrive or GoogleDrive

Uh but like

Or you can turn your machine into a server that acts as a file server

How do i access the network

It's you network you should already be in?

I dont think im saying it right

Somebody pls tell me how can I install kali linux on my laptop
(I want to replace windows to linux)

Delete system32

How much free space u got

Please don't use Kali as your host OS

You can use Linux Mint or any other Linux Distro that's not a Linux Server OS Like RedHat.

Why not kali

There is a time where you test something out and brick your whole system.

Oh ye

Use a VM or something

Anyway got any DE suggestions for arch

KDE Plasma

KDE plasma is 🔥

I've a low end laptop
Windows 10
4gb RAM

Ye like artorian said use another distro

Mint is goid

mint is also easy to install

Thankss

No worries

Which edition should I download?

So basically lets say that i dont own the network but i got the IP how do i access the network and upload stuff to the PC or router ?

XFCE

:3

That's why I told you to learn the basic. Look up some of the CISCO courses with packet tracers

Im a skid

#1286135820008296509

Don't care. That's why I said learn it.

How do i learn cisco tho ?

You can change that skid status

Its easier to use other peoples scripts then making my own

Pay attention learn stop trying to rush through things your not gonna learn everything in one day or night yk

It takes time

https://www.netacad.com/courses/networking-basics?courseLang=en-US

And we're not gonna give u those scripts

Then why do you even attempt to get into security?

sorry to bother yall but my friend got doxed and asked me for help but all of my methods are outdated sence i wasnt reverse searching in a long time so could anyone help me a bit?

Report the doxer to the police

If he’s doxed already and they already have his info there nun you can beside get in contact with police

we're not going to help you dox a doxer or commit any other cybercrimes

there's also no way to prove this won't be used maliciously or to target innocents

am not sure but i think he is underage so we dont want him to get in truble so we just wanted to scare him a little with his name and some basic stuff

i managed to get his number

.

.

ah mb didnt see

You remind me of a Roblox com kid

i dont even know what that is lol

O ok

Just checking your temperature

Who ?

don't even start it..

https://tenor.com/view/druski-shrug-idk-iono-hands-up-gif-7122581203490458147

Anyways

we mutually agree... silently

dane

it's easy to tell by how ppl act or their profiles

How

How old is he even ?

Just how the person comes off and his story

How did he managed to get doxxed by a underaged person

It can happen

People add each other on discord they say there usernames they add each other

And that’s when all the shi happens

What

Ok

How can that get your ip from username ?

One your own Roblox you have people asking if you have dizzy

Know dizzy is discord for short terms

And they ass each other

And then that’s when everything happens

Or if someone keeps using the same username over and over it easy

So what they add eachother then they become friends and they like say oh my name is jacob whats yours ?

No

They become friends and they finally get to the point

Oh you have dizzy?

There answer is yea

Or the other answer is

What is that

and a bit more

linked socials, bio

Grabify ?

That's the worst thing u can jse in 2024

Use

2025**

Grabify was back then

Why do you care ?

It can't, but osint is pretty strong

???

u wrote "grabify?" As a question

Honestly I care if people gets doxed yea but it’s the persons fault or you can’t rlly believe the story me personally I have trust issues

I replied: that's the worst thing u can hse

tf?

and online proof can be easily forged

So easy

I have never been doxxed but there were people trying to or trying to

That’s how I started to learn I got doxed

They thought they was scaring me but all they was doing was motivating me just to learn

Lol

Now

I dare someone to dox me

They can’t

With there simple OSINT tools

OSINT don’t work on me

not sure but id say abt 16 or sum

And how old are you?

How ?

lol i aint saying that

I can guess

Your 16

maybe

maybe not

u will never know (proably)

Very careful about your age, or Discord is going to ban you

wdym

https://www.reddit.com/r/BannedFromDiscord/

if u think some under 13 will know cyber sec basics ur overestemating them

yea ik

Are there more servers like this ?

You are going to get the same answer. And worst case, someone will send you malware.

?

Whats the same answer

Any forums or something

If you ask the same questions on other server.

Forums ?

There’s other things but a lot of scams and trash stuff

Ok

Aighty will try it

id say

14

hypothesis

So between 14-16

Nah 4 on the dot

Ik

I am 14

nah

ur profile gives it away

i might be older or younger

kinda

yea then younger id assume

i had an acc in 2019

but i lost it

Doesn't prove anything

which doesnt say anything about ur age

What if hes 7103002929293 years old

oh and my profile is like this cuz i still play some games

@acoustic spear is my main

this one is for a game called shindo

Idk why

(i dont recommend playing it cuz there are black hats on that game)

So you basically use the same username for everything

which still doesnt proof

anything

Why is there a role called blackhat hackers ?

But I don't feel the intermediate in his roles kek

Cus that's what they are

and i dont feel the over 15 age

nah i got like 3 main accs with different names

I agree with kv I think bro 14 15

Imma stay quiet on that hahah

I kind of use the same username everywhere

💀

Hey it's got variations

Yeah but its not like anything unethical can be discussed or something ?

Not in here

It’s cool but just be careful yk shi can happen like that

Ye I know

wait what is even minimum age req for this server?

I have not the same pass anywhere at least XD

13

Discord TOS age

thats crazy

Why you 13?

nah

-# (or under)

Why are you greyhat ?

but its too low for this server

called it

instantly

knew it

Cus I don't really believe in the notion of good and evil

😂

im proud of my intuitions

?

@eager knot

want a free ban log

or can u not farm those yet

We're proud of you too

;3

huh

i js instantly knew by his profile he was not over 15

yea that obvious

What

but what does that have to do anything with me saying 13 is too low for this server

then youre contradicting urself

Yep

u said ur under 13 -> u said nobody under 13 can be good at cybersec -> greyhat intermediate

like imagine some kid find people talking abt zero flipper and make their parents buy it

nope

thats legit what u just ssaid

tf

lol

i never said am under 13

am 14 if u rly gotta know

amazing

still guessed

e

yea but i aint under the age of discords tos

Well played hahah first guess

youre too young to be getting revenge on ppl who dox lol

nah i aint looking for revenge

i just dont want him to get in more truble

Just call the popo on him

-> which is looking for revenge

he didnt dox me so i rly dont care

am just trying to stop him from doing sum worse

Talk to his parents

bro is from US and am in EU

Then why does it even matter

imagine if he doxes someone who can get a rat on his pc or sum

and he leaks his private dms or sum

Someone who could get a rat on his PC wouldn't get doxxed on the first place

☠️

good point but still

imagine if he tries

ok then he gets bit back

He would get nowhere

trust karma, and dont shove ur nose into somewhere u dont know the outcome of

i mean he leaks fake stuff

lets say that person has a fake indetity or sum

Then it's on him cuz it was his decision to do that

^^

yea but would u want someone doing that to a kid

??

It will teach him the lesson u so want

rat isnt the same as telling the person their name😭

I wouldn't want it happening to anyone but seems like the guy is asking for it and he will get taught a lesson I suppose 🤷‍♂️

yall are merciless fr

sure

but he gets revenge

that u want to give him anyawy

sorry we dont wanna commit a cybercrime ig

neither do i

i mean

i dont want to but i dont want him to get in more truble

i talked to my friend and people made a gif of his face and his user comparing him to a monkey

Then get him out of there

That's the best u can do

i meant of the guy that doxed my friend

first of all

trouble*

second of all

you're 14, whyt do u expect to be a saviour angel, stopping him from digging a hole for himself

Then you should get out of there

third of all, we cant help nor teach u to do this for obvious reasons, proof can be easily forged and u can just be acting as if were doing it for the good but actually you just have malicious intent of doxing someone innocent

i am safe when it comes to that

Am i allowed to help him ?

i got no pics of me online

No

i mean if someone asked me to do that id say the same thing but ig i didnt think before i asked

and why exacttly woulkd u want to anyway

He has black hat in roles

That's why I think

i had some dms offering to help but i rejected

i appreaciate it tho

For fun

Wanna get banne for fun too (jk)

He dosent want help anyways

Idk why he was asking in help me

for help ig

Yes but you dont any help tho

?

.

not now

before i wanted

Kk

does anyone know the best path to get into cyber analytics when it comes to certs i have limited knowledge when it comes to cyber security and I want to get into this field of work

start with basics like comptia security plus and network plus since they cover all the foundational stuff once you feel good with that maybe look into certs like certified soc analyst or cySA plus

also learning a bit of python

https://pauljerimy.com/security-certification-roadmap/
This is a good tool

The real truth about cybersecurity regardless of what all the youtube ads are showing and people are spouting is that cyber security is Rarely an entry level position. It's a transition role for feeder roles like network engineers, Software developers, Systems engineers and help desk employees. Without having on the job experience you will potentially have a hard time getting a job other than entry level SOC which isn't bad but can be draining for some people.

There is so much in here I feel lost

aspire to find your "section" and do one cert per "level"

should be easier that way

https://tenor.com/view/doomer-doomer-sad-depressed-gif-15543940

As a SOC analyst this is not true

Welcome to the field 🙂
But in all seriousness it's a lot and if you want the real answer, other than academic types. There are 2 types of certs you need,

1. The ones you need to land the job.
2. The ones your company pays for.

Didn't i say SOC is the main entry route?

This is the reason why I got into the school I am now as it offers internships and on the job experience (dev not cyber security tho)

I was talking more about that it's draining

But it is.

OH LMAO.

Srry

I had way too many "WTF" moments

Yep, Most people start in a feeder role then transition. You can't really secure something if you don't know how it actually works.

Nothing better than staring at a SIEM log for 7 hours while you flirt with the concrete from your 4th floor office window.

It's more like wtf why did the user fall for a phishing link. Or wtf why did the user just run malware. Or wtf why are suddenly files being encrypted.

We don't stare at SIEM. Use Cases are what's going to trigger an alert.

And depending on Use Cases we are going to investigate.

Of course there are XDRs which makes use cases obsolete

yeaaa... Not a SOC analyst myself but i got a hit from our endpoint saying there was a behavioral detect for Mshta having a command ran leveraging it. Sure enough had a user fall for a ClickFix Engineering attack. Those are nasty, full scan from Cisco CSE showed no infections but upon further inspect there was a service creation event in the log. 1 isolation command and a phone call later the user is getting a brand new image on that laptop 🙂

Ah yea ClickFix and Fake CAPTCHA are so frequently.

Was it also an MP3 file?

Which contained 99% of trash data?

These are probably Lumma Stealers

Nope, was a real site that had a fake index page added to it with 1 .js file that engaged it upon loading the page

Yep was either Lumma or Xworm

Oh god yea. XWorm is also on the raise again

Also did you know you can disable Windows Key + R?

Would probably prevent that user execute these malicious commands

Yea GPO for that and not allowing users to run commands at all is the main thing.

Not my Environment that got hit though so not my problem. 😂

We get that stuff weekly

😩

yurp. The joys of SOC.

since when do mp3s have malware that can be executed like that

Reminds me of when i was T3 for a hospitality company. It was all break/fix but no implementation of actual resolutions. Endlessly draining.

It's not really an mp3. It's still an HTA file technically.

For some reason mshta process ignores the garbage stuff and executes the script content.

How often do you experience snake/agenttesla in your jobs? or not?

yeah

although those win + r malware mostly deletes itself after execution

Last year we had a few Agent Tesla. But not much anymore

hm

Yea, I'm going to bring it up to the heads to remove perms for mshta for our users. We don't run any VBS anymore so there is no reason for us to leverage it.

mshta is legacy anyway

whats mshta

yea VBS has been dead for a long time

But then again I've seen that TeamViewer is for some reason using mshta.

anydesk is soo much safer against scammers fr

https://lolbas-project.github.io/lolbas/Binaries/Mshta/

ok how do i abuse mshta ?

oh god i hope people don't use TV for their environment

You don't

#📜・rules #1286135820008296509

but it says that can be abused by attackers

Correct. I'm saying you don't

yes

why not

@radiant stone what is your role at your company exactly?

Because we don't teach people how to do that here.

why not

Title is a level of Systems Specialist. Lots of generic titles where i'm at.

ah cool

#📜・rules #1286135820008296509

Would you say job experience is a replacement for a uni degree? and if yes how long experience?

Yes and no

because this isnt a server where you get help abusing things to hack victims

what is mstha then ?

Once you reach around 30 yes. Also depends on if you're going for a hands on role or Management role. It's unfortunately a loaded question because company A will tell you no while company B tells you yes

no one knows your intentions so now one can trust you with that information

Fxliz

Trust me

You will learn more

Im a goodkid

By not asking questions like these

yeah, thanks!

Plus you were already linked in chat what it is.

I just explained it lol

how should i know that

if i knew you irl as a friend id tell you how you could abuse it because i trust you and would know you wouldnt do anything with that information

but i dont

so i wont

same for everyone else here

If you're deciding between the 2. Go to a good public university (or shoot for the top ones. In the usa if you make under 80k a year you get harvard tuiton waved completely.) Get the paper and move on. No one cares where you went once you get past your entry level job

how

So instead of asking that silly question

You read the article

Im in Germany the monry isnt really an issue

i know in a video srhoe said asking questions is good

And find a YouTube vid in it

ok

But thanks for the advice nevertheless! And will do!

Google.com

Not how to hack someone questions

Or how to exploit someone

But rather how something works

You're correct. Also part of hacking is working in the scope you are paid for. Our server's scope is #📜・rules and #1286135820008296509 . If you go outside of scope on a real job you will face either 1. loss of your job. 2. fines 3. Jail time.

eh

what keeps you guys from doing soemthing unethical ?

Money

when your willing to make the effort

Jail

you yourself said you just want to watch tiktok for that

and want to ask questions about how you could hack a victim

The law

and my conscience

When you make 100k+ a year and don't need to stiff up every time a door slams too hard outside your house. You realize being ethical is way better than not.

Imma ask srhoe to make a back in line channel and have kids like him join and just give them lectures

Hi guys
I am a beginner in this field, and I want to progress quickly and efficiently, please tell me what I should start with.

#👥・new-member-guide

In school or looking for work?

U can start with this

Prison lol. And if you go to prison you can forget getting a job where they are going to do a background check

I want to make it my future career

what if i got to north korea

Yep which is awesome, my advice depends on what stage you're in in your life

They won't hire you

If you're not north korean already.... Prison

then your dead

because youll ask someone how to attack kim.jong un

Hahahahah

I'm still quite young 😅 to tell you just I'm still in high school but I want to prepare myself enough to be sure that it's my future career because I'm passionate about this field

Yes u can start with #👥・new-member-guide

id recommend watching youtube videos about it and maybe getting a tryhackme subscription

Will help u open the eyes on the field