#👥・help-me

refer to #1286135820008296509 and #📜・rules

It's not illegal to scambait an actual scammer

Well i got scammed a week

youre commiting a cybercrime back. also theres no way to prove theyre actually a scammer and youre not just targetting someone innocent

Ago and want to report to the authorities

Their real location

then report it to the authorities with the information you have

were not gonna help you get sensitive info

Alright

guys whats a good chatbot for explaining stuff like giving it a paragraph and get a fully detailed explanation on everything in the paragraph

Srry had some work immediately!! Well if they say that it's not forwarded, try doing ##02# on your brothers phone as @wooden wave said and if still did not help re check whether someone messes with your contract book and if that's alright contact telecom as @radiant stone said!

hey, I'm trying to create a zip bomb but it ends up being like 7 gigabytes how can I fix that?

#1286135820008296509

Nothing beats ChatGpt in these kinda stuff

cant help with that

I mean I checked the do's and dont's but like, there wasn't anything saying ı shouldn't make a zip bomb is there? I'm not asking you to hack an account, it's not fraud and I mean is it unethical to make a zip bomb? I'm not planning on using it on anyone except maybe myself or my brother(with permission). I just wanna learn stuff

what assures us that you would not use it one someone else

yeah, fair I guess

fair concern

Depending on the county you live in even if you are attacking people who are unethical or doing illegal things themselves it's still considered a cyber crime.

To add clarity, zip bombs would have no use in a pen test. With this in hand it would only be used maliciously which is against our rules when it comes to requests for assistance.

What is the first thing i should learn and understand to begin to Get in to hacking and cyber secuity?

But my dream job is to be a welder

Mostly to build stuff that is similar to a m5stickc plus 2

Is there any good books i should read?

Internet of Things with ESP32: Build IoT Projects with ESP32 using Arduino IDE and Python" by Ruben Oliva Ramos.

yo chill

lets hack nasa

Thank you

Thank you

Sorry I couldn't respond I got timed out for saying "If I had a malicious intent I would just use 42(dot)zip"(it counted it as promoting nsfw sites) and I think your concern is valid. I just wanted to see the effects but still I understand your concerns. Sorry for taking your time

Don't worry we are here to explain

If you got any other questions feel free to ask

thanks

lmao

Is there any good resources for cool projects involving ESP32s or arduino nanos?

Howdy yall im new to all this and was just looking to get help on where to start with out spending a fortune

Ultimately looking to be able to switch careers into cyber security or something along the lines

Okay I will look into it thank you so much

#👥・new-member-guide

Yo listen

Bro you know how I ask a question of like how to get a number to somebody's Instagram

What should I do, learn from tryhackme or hackthebox

I want to learn networking and OS

I asked him this question and someone charged me money in order to teach me

Is that ok ???

No I am just telling you that this happened to me when I ask that question

How much is required for purple team

Is there anyone who has purchased CEH v13 elite package and is preparing for the practical exam? I am having a doubt in one question and i need a little help in that

anyone can explain me pyramid of pain is simple

It has six levels from bottom to top increasing in difficulty for the attacker

1 Hash Values – Super easy to change just modifying a file changes its hash
2 IP Addresses – Attackers can just switch servers or use proxies so blocking IPs doesn’t hurt them much
3 Domain Names – Harder to change than IPs but still easy since they can register new domains
4 Network/Host Artifacts – Stuff like registry keys or specific traffic patterns harder to change but not impossible
5 Tools – Now it gets painful for attackers if you detect and block their hacking tools they have to find new ones or make their own
6 TTPs (Tactics Techniques and Procedures) – This is the hardest to change because it’s how they operate if you understand their methods and disrupt them they have to rethink their entire approach

Basically the higher up the pyramid you target the more it messes with an attacker’s ability to continue operating

Hope this helps you.

TTPs need to be refeormed. If an attacker is already in, they just exploit what works for them.

Hello I need some help with some disk controllers with Virtual Box

What issue are you facing with disk controllers in VirtualBox?

I finally solved it, thank you for replying tho!

Good to know!

Now im facing another issue that is kinda related to the disks lol, I need to make a RAID 5 in a windows server 2019 with the storage pools, I can't use the disk manager

I think this is more simple than the British english video man thanks 👍

Okay 😂

First open Server Manager and navigate to File and Storage Services then Storage Pools From there click on Tasks and select New Storage Pool Make sure you have at least three disks available since RAID 5 requires that Once the pool is created go back to Tasks and choose New Virtual Disk selecting your new storage pool You'll want to pick the Parity layout which is how RAID 5 is configured in Storage Spaces After that you'll be guided to create a volume where you can assign a drive letter and format it using NTFS Finally check the status of your RAID 5 under Storage Pools to confirm everything's good to go

Can I dm you the error im getting? Its just in the last step

Yes.

@naive bloom

sent it!

Hey guys. Hope you all are having a great day!
I just wanted to know if anyone knows any free certifications for cybersecurity that are worth doing

#👥・new-member-guide message

I presume no one replied thus no one uses macos t_t

Is there anyone who has purchased CEH v13 elite package and is preparing for the practical exam? I am having a doubt in one question and i need a little help in that

Guys a friend was asking for a number jamming thing he was asking wither it even exists he wants to do a project about it

Number jamming? That.. doesn't sound very legal, or ethical

#1286135820008296509 #📜・rules

hi guys i have a quesiton i got a exercise to do on ssh server:

In the home directory of user alice there is captured network traffic encrypted with the WPA protocol under the name file.pcap.

User Bob, who sent the file file.pcap to user Alice, recorded the network traffic while sending multiple responses to the task in order to analyze the encrypted traffic later.

Since Bob used multiple TLS sessions, he asked the server administrator for the private key of each session. Unfortunately, when Bob was saving the recorded traffic, he was not aware that among the recorded packets were also the server's private keys.

Decrypt the WPA and TLS network traffic to obtain the responses. Only one TLS session has the correct response. To crack the WPA protocol, use the dictionary of 10k most common passwords 10k-most-common.txt.

I scp'ed the file.pcap to the actual system from the server and user aircrack-ng to get the key from the word list,

i got the file to the wireshark and applied 802.11 packet key as the key i got and:SSID

i also found the private sever key in the packets but dont rly know what to do with it because every time i try to add it same way as 802.11 btu to tls i get only like 2 packets actually decrypted and rest is still encrypted, what could be the issue? Im doing these type of exercises for like couplde hours so i might be losing brain already... IF SOMEONE MIGHT KNOW THE ANSWER U CAN MSG ME IN DM SO I WONT FLOOD CHAT HERE

Which course or CTF is this related to @tight oak ?

some thing i got from my teacher

school

Maybe speak to your fellow students then

Learn together, instead of getting the answer from randoms on Discord

We tried....

Then speak to your teacher

He said all is good and we must figure it out by ourselfs

There's nothing wrong with going to them and saying "we tried x,y,z.. we're having trouble"

and im already losing mind

That's a shame

at first we thought its some issue from his side

so we told him

but seems like we r just doing smth wrong here

and none of us has any idea what

All I can suggest is to go through articles and learning material to try to come to the solution yourself, sorry

😔

Hey can anyone me get access to my email address I for got the password and can't access it but it has my resume that I need for the job I just got

Speak to support. We can't help

Anyone who DMs you saying they can help for cash will just scam you @dusk dune

Can't help with that sadly since it can't be proved that it's actually your account. Best thing to do is to contact support or something like that

I have emails in the email address to provide it's mine and I know the recovery number I just don't have that number no more and I have documents in it to prove ownership of it also @solid gull

which can easily be forged

Hlo, I'm creating vulnerability detection system for my mini project for uni.
It's just a simple prototype but can u guys help and tell me what things will be best to use and add it to the program?

Ah, currently I just started.
Like only studied what to do, how to.... 😅
I was currently re searching on the project and making notes..
It's 3am here.

I'm still a beginner in the field..

pst pst network vulnerabilities best

So the program will check the vulnerability in the application, or any file types which user wants to check.
Will be using C for this.
Also will use YARA.
(As requested by my professor)

Yes... But I don't know how to do this.
I'm still learning...

Features:
Identifies file type using magic numbers (header bytes).
Detects potentially spoofed or corrupted files.
Provides basic security warnings.
Can be expanded for malware detection.

This is all I did today..

easier than filetype

 $malicious_code = { E8 ?? ?? ?? ?? 8B ?? ?? ?? FF } 

Using this malware pattern

only good thing in file scanning is malware detection and

potentially corrupted files

the rest would be too general

theres not many vulnerabilities u can train a file checker on

very very vague

far from enough

ever heard of YARA?

https://github.com/VirusTotal/yara

https://nekolyze.vercel.app (no self advertising but uhhhh)

my project is also trained

oh what

i didnt see

myyyy baddd

Yup... Currently, started on it.
Just the basics.
I'm still in my 1st yr

Okii

Thx for this, it's much more detailed and relevent then my uni.

no worries !!

Hi guys, I joined this server cause I'm looking for help, since last month a lot of my accounts have been hacked and I lost some of them because of people breaking into them, I managed to recover most of them but I still have no access to some of them, so I wanted to know how is that possible, because my password have literally 40 characters and I thought that was enough to keep my accounts safe, and I used a different password on each on of them, and I'm kinda concerned, because today another of my accounts was hacked in the morning. I wanted to see if maybe you guys can help me.

Could be that one or more of your devices are compromised.

I'd pick up a fresh device, recover your accounts and reformat the remaining devices.

Enable 2FA everywhere

New passwords, all unique

Invalidate any other current sessions, or connected applications with permissions

I already booted my pc, I got Rufus and stuff and re-installed my OS and formated my drive

other devices?

Only my phone

No other devices

Check usage of your accounts, again.. authorised apps, other sessions

Any connected apps, without you noticing if you don't pay attention when authorising can be granted privileges

Browser plugins, also

But for example, my EA account was hacked and I havent logged in on my phone to EA

Anything that is "able to control your browser", get rid of

Clean everything

Ok, I'm on it, thanks bro

👍 good luck

I have a question as well

Like

Once you've recovered an account, check other sessions and invalidate, remove any authed apps, and then only use it from a known clean device.

Most of the accounts that were hacked, had 2FA enabled, so how is it possible to hack a account with 2FA enabled?

Usual answer is a compromised device, or authorisation given to a connected appliance

But appliances generally do not give the ability to change creds etc

Switch to MFA if there is an option. Also I'd recommend getting a software such as NordPass to create uniquely generated passwords that are encrypted in a vault for you so getting them would be a mission for threat actors.

If you don't wanna do that, you can always test password strength with https://www.passwordmonster.com

But also

Yup, you should only ever know one password, the password to your password manager, and that hsould then be secured with a physical or other 2fa device

A strong password that is compromised is useless

Everything else, random

2fa

recovery methods

So make sure to be safe on where you're inputing passwords, saving them, how often ur resusing them etc

Don't connect apps you do not trust

Same happened with me too @burnt spade
It was due to stupid fault... 😅
Untrusted exe...

And still ppl from diff place try to login to my account... But as MFA is on they can't..

Sorry guys, I was drinking some coffee, Imma ready everything right now

With the password that I was using it says that it would take "413 million trillion trillion years"

So I dont know if the password was the problem haha

First time I heard about it, Imma try that as well

Yeah like I said, A strong password that is compromised is useless

Check out Yubico devices @burnt spade

Using mobiles as Passkey is also becoming more widely available now

(aka phone as your 2fa device)

Windows and android in this case
And No, I did not installed anything before that happened, the only thing weird that I got was Project Nova, that is a Fortnite 7.0 build launcher

Well, there you are

So if you donwnloaded untrusted software, gave someone access, connected to something malicious, there's honestly a BUNCH of ways to get your passwords compromised. That's why you always have security measures like MFA and password managers setup so in case of human error, you're safer regardless because you take a little extra time each time you sign in, to be a lot safer.

In my case they could 😭

I'm afraid that's what got you @burnt spade

@burnt spade Send me this project nova to my DMs, ill check it for malicious content

probs the thing that got u tho

Like goblin says

Game mods and cheats, custom clients, that kinda thing.. it's risky and very likely to cause you harm

Like a Yubi Key? The one that generates a random password each time?

Not exactly

It will generate codes based upon a key, which can be used in the safe way a 2fa code can be

It's just spearate from connected devices, not on the internet, etc

A physical key

I don't have it installed, the only way to get it is to enter the discord and download it, do you want me to send you the discord link of them?

Yeah send me the discord

Im intrigued now

I wouldn't go and get the link tbh or hit up their Discord again @burnt spade

Likely it is what did you in, but if you have a link, just share the link I guess

Just share it in DM, and whoever uses it be careful ofc

Is not letting me send you messages, I send you a friend request

Not to me, I'm not doing that kinda thing tonight

Hello, i'm trying to create a wireshark challenge for a ctf with some custom things, not knowing a lot about these things finding resources has been kinda difficult does somebody have any advice?

Alright, thanks man, I already left the discord and I while ago I revoked the permissions that discord server had

Links showing no malicious activity, and the discord has 1.2 mil...

I honestly don't think its malcious

Thats a lot of people for it to be a malcious software

yeah...

I could do a deeper dive but

Lots of people.. prime for people to drop in to find people to share crap with

not bothered to sandbox it rn

It happens on our server

They are a pain in the butt

Anyway, all the best. Hope you manage to secure your gear and accounts

cheats are fun, more fun if u are the one making then

Making them, figuring out how to, sure that's fun

Using them.. lame

And btw, I have a question as well

I got my instagram account hacked, and when the guys entered to my account, he somehow deactivated the 2FA and activated it once again with his device, and changed the password and the email, I was trying to recover that account but I can't go trough the process cause is asking me for the Google Authenticator code, and instagram have no support bassically. I have that guy's email and that is the only information that I have, cause he was using Opera GX's VPN so the IP that I got from that email was the VPN, is there any way for me to do what he did to me to recover my account?

You're out of luck if support aren't going to help you, sorry

fun too

Anyone who messages to say they can help for a cost are going to scam you

Get good scrub

scrub?

Yes

If you actively use cheats, im dissapointed

Whats the point in gamin with cheats i will literally never understand the affection toward it

nah, bc i decided that now im gonna use only the ones i made

I'm not sure how they would have bypassed 2FA

Unless you had a recovery method setup on instagram that they had access too

super powers to me

Same person, compromised device VeebS

Okok

Mmmmmmmkay

Oh

Yeah

I forgot

Maybe I had that downloaded on my PC, that could be

and i dont have much time too, im in college studyinh math

Excuses excuses

So you have time to make cheats, but not to get good at a game

Come on

u can be really good at the game but u cant fly

Recovery methods are usually backup codes, SMS auth, voice auth, or something that cant really be given access. Unless in this case they had access to your device, which is the case here I think.

I got a friend request from somebody from this discord, is called danaunderwater, should I accept it ?

Thing is, you can fly, but are not really good at the game

the thing is doing thigs that are impossible to a normal player

I'd probably ignore tbh

In this case, If I already formated my PC and installed the OS once again, my pc should be safe now, isn't it?

You're just makin urself sound lame

why not, probably spam, but why not

Stop trying to convince yourself. Cheating is just lame.

lol. its just a game

Put your skills to better use

Just a game, which you ruin for others

gg

If you did a full factory reset, scrubbing your storage of everything, then yes your OS will be fine.

its fun ruins other ppl games, even more fun if is fps

I did, so it should be safe, thanks bro

urgh, done with you, buhbye

goodbye

pondscum has more respect from me than I do for cheaters

That is disgusting bro to be honest, with all respect

Unless its a rootkit or APT, usually they arent, but if someone was good enough and has one of those on your device, I'd recommend getting a new PC lol

What is a APT?

Advanced Persistent threat - although these are usually only really used by governments (nation state hackers)

Not gonna be used on someone to get their fornite passwords lol

Damn

haha

But, a rootkit is more plausible

i remember i rooted my device when i was like 7 years old to use lucky patcher once haha

I don't own that device anymore and is probably broken

technically speaking rootkits are APT's as they are persistent but not really at the same time

I did not even know at the time what a root was

Rootkits are different to rooting a device

Like, I already know, but not at that time

What is a rootkit in this case?

And the circle is complete

A pain in the ass

Oh, that discussion was in #💬・old-gen-chat

Okok, I'm gonna check that real quick

Rootkits are very hard to find, persistent and kinda just sit in the background

Started around there, it did get a little silly though

#💬・old-gen-chat message

I already read the explanation, pretty good one btw, I learned a lot, but I have a question
If a rootkit is persistent, where is installed?

If could be in the OS, but they can go as far as to be installed further down, in memory on hardware

As in, persist over reboot / format / etc

Any worth its salt will live as far away from userland as it can in order to enable a high level of persistence and resistance to removal

Most malware will try look at "data in use". This is because this is the process of data when its in the RAM most of the time, and when something is being processed by RAM, it is usually decrypted and easy to read as the RAM requires it to be easier to read to run it effectively.

Other types are data in transit, meaning data as it's being moved somewhere, such as over a network, and data at rest. Which could be things in storage for example that you can encrypt.

So a rootkit will usually just sit looking at multiple aspects, but mainly data in use, copying and checking all the data going through your system to gather data or PII (personally identifiable information) against you.

Damn man, that seems hard to make, the guys that is able to do such a walware by scratch should be godlike

Skilled people fo' sho'

There's a bunch in here that are more than capable of making them

I'm not at that stage, yet

We can all be skilled at anything we put our minds to, but some minds work different 😆

That is impresive in my opinion

Quite

Like, what happened to me, even if is annoying (because at the moment, somebody is using my photos pretending to be me and doing stuff I dont like), i find it pretty interesting in terms on "how did they do that"
So is quite interesting investigating and trying to get knowledge about what happened

That is unfortunate 😦 Just don't let them take over your life, as in.. you fighting them

Sometimes the only thing you can do is ignore them, report them, and move on

..at least in the interest of your mental health

Well you're doing more than most learning and investigating it.

Human error is the 'unsolved technical problem' of cybersecurity. Best thing you can do for yourself it to educate yourself on the best practices to keeping yourself safe and secure:

Password managers
Secure and private browsers
Dont use cookies on sites
Check links and download with https://virustotal.com before using them

And a bunch more things you can do

oops

spelt the link wrong

I spelt the link wrong, and the link i put was a phishing link lol

😮

wups

Yeah... Ive been fighting that over this time, cause I've been feeling kinda impotent on the situation, most of it because somebody is using my face, so Imma try to move on from that, thanks man

That website scans for viruses of literally any link or file?

HAHAHA

Yerp. And it shows you previous times people have searched that same link or file to see if it was malicious

Alright, thanks man

They have a browser plugin that sends things you download to them as well

Oh i didnt know that very cool

vt has an extension!?!?!?!?

Btw, now that I remember, I'm using this browser plugin

https://chromewebstore.google.com/detail/adblock-for-youtube/cmedhionkhpnakcndndgjdbohmhepckk/reviews

How do I check if some plugin is safe?

wtfff

I'd say its safe

Over 10 nil users

Over 300k reviews

If it wasn't, you deffo wouldn't be the target

Although I think u can also just check source code

I dont know if that one works for youtube ads, I'm gonna check

That's the problem

You want something that is difficult to do effectively, and people take advantage of that fact

Sometimes even by shipping working software and gaining trust

https://docs.virustotal.com/docs/browser-extensions

Ublock origin works for youtube

but does not work on chrome anymore due to their manifest V3 update

Yo i js got a quick question i did Research on it but i still dont understand what SQL is or what it means can some1 explain it to me

It's a language used for querying databases, a Strutured Query Language

Database: app
Table: users (has columns id, name, email)
Query: SELECT id, name, email FROM app.users

Result: lists the id, name and email values from the users table within the app database

https://www.w3schools.com/sql/sql_intro.asp

Google would've answered that

thank you for explaining this to me

hi i need help

I have a vulnerable OS which host by website but i can't view it when i searched by the ip address after i scan i got a saying port was 80.

huh?

Are you sure that result isn't of a WAF

Hey how to connect to Bluetooth in wireshark cause when i try to connect my phone it doesn't connect

On Windows, Wireshark doesn’t support Bluetooth capture, but you can try tools like Bluetooth LE Explorer or external sniffers like the Ellisys Bluetooth Tracker

Don’t dox people

Not cool

Ban ban'

Your 15 according to ur profile

Why do u need someone doxxed

We dont do that here check out #📜・rules

guys i recently made a movies watching web site and i got the idea to sell it howa can i do that if someone knows ?

lol

Operate with licenses?

Or just a load of pirated content

pirated content i think i may have some trouble but i just wanna sell to a particualar person

Then you're not going to sell it

There is zero value in that

And it's unethical / illegal #1286135820008296509 #📜・rules

alright thanks

guys what can we do with that feather that we are getting ??

Might wanna remove that from the profile here too axcels.. not the place to advertise that kinda thing

its my profile bro im not pulling a gun on someone to visit it

so im not promoting it on this server

🤦‍♂️

Logical guy promotes his illegal service over DISCORD in the worst possible server to do so

Gotta use our heads more bro

alright you got a point i'll remove it

Just saying law enforcement takes that shit super serious

Same with the actual movie companies

If you’re actually doing what u say u are

bro in my country no one gives a shit about it

I’m guessing your goal is for that site to become super popular right

no bro beleive me its open source project i dont get any money from it

i was just learning about full stack web dev and ive made this website

https://tenor.com/view/fbi-warning-gif-14098996

hahah ok go ahead

💀

I hope nobody clicked

skibidi toilet

lol sorry

😠

ow so now i'll be in jail haha

Oh no, you were on stream butterfly?

😐

Now I actually feel bad

Hello everyone i am a complete newbie learning via youtube.got my Kali installed and experimenting with nmap.if anyone here want to show me how to use new tools for ethical purposes only i will much appreciate that.Thanks friends

Hey guys, a family member thinks someone is logging into their gmail account, does google have a request process for sign-in logs or are there other ways of finding this?

You can manage what devices can log in to your account go here

https://myaccount.google.com/device-activity

And check for recent activities on your account

Read here

https://support.google.com/mail/answer/45938?hl=en

Umm so guys I was wondering...

It's best to have mutiple vuln in mind while doing bug bounty or it is best to focus on just one vuln....

Generally programmes will state to report as soon as evidence of vulnerability or sensitive information exposure is found

That said, chaining can lead to higher impact reports, but could also put you in breach of the scope and limits of the programme

I meant like when I pick up a program I should have a specific vuln in my mind I'm looking to hunt or not?

Depends upon what your skills are I suppose, focus on what you have experience in finding, and then go out looking for things you are not as experienced with

Good you got started. you may want to check out #👥・new-member-guide #1181325513055273090

Why?

I did't, but...

What if you don't have experience in finding anything

VM Name: Parrot OS Security Edition

The virtual machine 'Parrot OS Security Edition' has terminated unexpectedly during startup with exit code -1073740791 (0xc0000409). More details may be available in 'C:\Users\PC\VirtualBox VMs\Parrot OS Security Edition\Logs\VBoxHardening.log'.
Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {e36a5081-a82a-40bd-9e4e-42a44d6ce50f}

guys can you help me??

when i power the vm this pops up and then it closes

thx

hey i have experience for about 3 and a half years for working at security consultant

i have several cert: OSCP, CPSA, CRT
and i just renew it this month, im indonesian, i havent graduate from my university yet, my univ is full online

i want to find a new job maybe in singapore or aussie or anywhere except than my country, is there any new opurtunity here that i can apply?

Singapore:

Cyber Security Consultant Positions: JobStreet lists numerous openings for Cyber Security Consultants in Singapore, offering roles in various organizations

Nucleus Graduate Programme at NCS Pte. Ltd.: This program is designed for individuals aiming to establish a career in cybersecurity, providing structured training and development

Australia:

Tech Workforce Expansion: Australia is actively working to double its tech workforce to 1.2 million by 2030, creating a surge in demand for cybersecurity professionals

International Cyber Security Roles: Platforms like Indeed list numerous cybersecurity positions in Australia, suitable for professionals with your background

after some google research XD

hope it helps @fading trench

Search up GoRecruit, use them for staffing solutions

,

in italy there're 60milions persons, 6000 whitehat, paid 22k USD yearly.

#💬・old-gen-chat message

Issues with some game

?

Whitehats rarely get paid so low

Especially in italy

the max is 37k yearly. we are third world

Hello guys, anybody encountered Au Quo Tab with adminlock ? I can't do hard reset on it. I was trying to find a flashing tool for it it seems its very rare tablet that has Android 8.1.0 OS on it, it was from japan as far i know

Ok

Can blocking Malicious Ip addresses be part of containment according to the incident life cycle? If yes then wouldn't the attacker use VPN to bypass that blocked IP

Yes

They would

That's why u add anti vpns

so it can be part of containment

Yeah

Thank you

Topics to learn in networking and OS and how deep should I go in each of them

Are these CEH questions?

Nope was discussing with my colleague over this question

nw !!

what job are you going for?

Purple team

If you want insight on the window operating system then I must say cover

• Window registery
• Active directory
• Command prompt vs powershell
• PsExec
• Services

What about networking

Depends how depth you wanna go

What job are you actually targeting for

..

Purple team

Purple team isn't really a job position.

You can be part of a purple team engagement. On either the red or blue team side.

I mean like I want to do both red team and blue team work

That's way too much if you need to do both

Then cover the basics like OSI model, protocols, SSL/TSL and get some basic understanding of networking like NAT, NSA

I think you will cover up most part when you cover OSI model

Are they enough

In my opinion this should be good to go + port number is must

And if anyone online here wants to add some topics then do that too

Yes I am open for suggestions

You forgot some offensive sides too

learn the different man in the middle attacks and how people steal sensitive data just by connecting to the wifi

Also learn how to defend against those

The machine has a TCP service running on port 6060, which returns a task response after connecting. However, access to port 6060 is blocked by default and can be obtained after detecting a sequence of 3 UDP ports from the range 9100 - 9200 and connecting to them in the right order.

After unblocking access to TCP port 6060, you need to connect to it. In response, the server will send the task solution.

any ideas what could i try? dont want to brute force 1milion combinations, and basicaly all scanning techniques that i know give no usable result

Detecting a sequence of 3 UDP ports sounds for me you are supposed to do port knocking?

i guess so, but have no idea how to do that to be honest

Unless there's a rate limit it'd take u like 10 secs worth of bruteforcing to find the combination

I dont think there is limit, should i do it with python script or theres some tool you could recommend?

.

i am trying to move my files from my pc to a removable drive and it says "disk protection" i tried every tutorial on yt but it didnt worked

do u have data on that disk already?

Hey any one can help me I need pc for learning cyber security bud I don't have the money to buy can any support me by buy me apc i am living in Ethiopia

Hello, I currently have a problem to where I believe someone has made a fake Facebook profile of me. Is there a way without breaking laws to find out who made the fake Facebook profile of me. Any help would be appreciated

Report it for impersonation, theres no way to find who made it

python with multi threading should be finr

how much time should i use to check one port on tcp? cuz as i tried before with 3s it broke down pretty quick because of too many active checks, and im not sure if less than 3s will be enough for it to respond

tcp or udp..?

your question was abt udp at first

which have very different rules

i must find sequence of 3 UDP ports, conenct to em and then LOCKED TCP port 6060 should UNLOCK and i must connect to it and then sever should give me back the key which is answer

sequence of 3 udp ports from range 9100 to 9200

so like 9101, 9151, 9142

Im already losing my mind on this ;-;

Guys I wanna practice my window operating system knowledge do you know any platform where I can test my knowledge

To be fair - microsoft forums.

They also provide test series??

They provide people with problems - which u can try solving

And at least for me

It taught me kinda a lot

Will try out

Dont do only the forums cuz u gonna lose brain (saying form experience) but its good add-on to other types of exercises. More life taken

Please

Research on how to learn Powershell. Learn on development tools and configuration programs such as Registry Editor or Device Management

TryHackMe has a lot of knowledge and learning tools for Windows, especially for the Red Teaming Roadmap

Its a good diverse mix of Linux learning also

I learned registry, AD, services, sysinternal tools but I wanna test my knowledge

sir none of us are financial stable

😦

Sad realisation

I’d suggest tryhackme honestly

They have alot of rooms for Windows, my favorite one is about Procmon

I will look into it

Or Windows presistence/ privilege escalation

Best rooms for windows learning

Ok but ok support me by how to learn with my phone and by using mobile data

@haughty nova you know any attack on processes like impersonating processes, or PID?

Do you know the basics of networking?

I know a little things but what is my real problem is I don't have WiFi so I use data so sometimes It's not stable what ineed is from you is the way can I learn with out active internet connection

You can find .exe injectors to use to execute exploits onto a process using a PID, you can use Procmon or Task Manager to discover the PID and use cmd to execute injectors onto a process. You can go into the “Abusing Windows Internals” room on Tryhackme , its great

Thank you so much

Helped me alot

No problem

Nobody's buying a pc for u

https://tenor.com/view/angai313-spongebob-sad-spongebob-crying-gif-21679826

a little is how much?

learn from yt

omg hey disso!!!

hello kv:DD

hru?

Friday evening

I forgot abt all my problems

I can sleep and not bother

lmao i wish i could do the same

But shabbat no?

https://tenor.com/view/catnap-cat-napping-cat-sleep-cat-sleeping-napper-gif-27074584

it is yup but i'm still dealing with depresso espresso

Ok but where are you from

Ok

Work and save money so you can buy a Pc

why does that matter

nawww

do u have any pets?

grt a pet!!

i do have a dog in the house, her name is chika:]

Hey I just joined this group thing from a video recommendation im like super new to coding and kali linux etc im trying to begin education for cyber security courses among other things can someone please give me some tips or recommendations on learning entry level coding and or diagnostic stuff please id really appreciate it. Im kind of just scavenging around videos and using mimo

I find this helpful #1181325692823150642

Here you'll find the basics to get you started in your cybersecurity career

Thank you

All thanks to @minor blade for the resource he keeps updating us all on.

So how has you day been man

try here as well #👥・new-member-guide

im in a ctf comp and im stuckat a question

can someone help ???/

what's the question

Read the flag.txt in home directory of unknown user. web

Im just trying to learn ubuntu but cant find a good tutorial on yt

Tell me one please.

do you know hacking basics

im not soo into hacking

so you wouldn't be able to answer that question

ive trieds running command in the search bar

would be a help ??

we only got 4 q left

can't help you with a ctf that isn't really mine

it's more so a competition that introduces you with a server that's usually not publicly available depending on the circumstances

now i assume that the server that y'all should hack is a linux server

its a website

yeah but

they are talking about a user's home directory

ik what ur saying

how can i reach it

by hacking the website lol

You can put this in ai and insta answer

ive tried

if you can't then it's the core problem that you'll face

i don't think you will be able to obtain the flag

Doubt

Ai can't give simple cat command?

Beats me

well after that ctf is done and all you can just look over here and start if you'd like #👥・new-member-guide

nah he just needs to hack the website first

💀

in order to gain access to the linux machine that's hosting it probably

Yea good luck

Why even hack when you don't have the fundamental down?

thought would bew fun and it was till i reached that q

ive solved every other q

and now im stuck at this one

What did the other questions consist of

all diiferent q

Yea obviously

show me some of the other questions

can anyone tell iftheres something wrong with this hydra command?
i get ouput like every password is valid

hydra -s 9434 -l admin -P darkweb2017-top1000.txt 10.35.40.58 http-post-form "/phpmyadmin/index.php:pma_username=^USER^&pma_password=^PASS^&server=1&target=index.php&token=l_v%233nEcH%7DO%3Fq7GY:F= Cannot log in to the MySQL server" -V

goal is to get into phpmyadmin (CTF)

Burpsuite:

POST /phpmyadmin/index.php HTTP/1.1
Host: 10.35.40.58:9434
Content-Type: application/x-www-form-urlencoded
Content-Length: 134
Origin: null
DNT: 1
Connection: close
Cookie: phpMyAdmin=rgrbagiv7d5km9shjg8i81r4f7; pma_lang=en
Upgrade-Insecure-Requests: 1
set_session=rgrbagiv7d5km9shjg8i81r4f7&pma_username=sad&pma_password=ad&server=1&target=index.php&token=Euc%7FR%3D%24%6082Ir%2BA%5B%5C

(token changed)

i think it's because the token has to be dynamically implemented with each trial

Any tools that could do it throught firefox for example? like auto fill field and send

there's also intruder that you can use

it's a burpsuite tool for brute forcing

cant get it to work ;-;

i never learned how to do so but apparently you can apply a rule that obtains and changed the token with each request

https://xre0us.io/posts/multi-step-auth-automation-in-burp/

try look here

sadly burpsuite slows down through the process

yup it's the community edition that does it

yo guys i need help

nevermind

the hacker is trying to hack my device again and he wont stop.

harassing me

my boyfriend keeps telling me to ignore the situation and to not do anything about it..

to learn coding and some other thing not an easy job

hes hacking on an iphone

and he wont stop texting me from a new number after I keep blocking him

Oooh

oh ok..

thank you

and the hacker is calling me from a random Los Angeles phone number

ok thanks !

@deep prawn who is harrasing you?

the hacker I told the people about in this server and boyfriend is no help at all

yesterday

and they told me its a phising hack on my phone and I have to factory reset it.

If a vpn + tor doesn’t keep you anonymous, what does?

anonymous is subjective. What's your definition?

Like if they can track you

Is linux necessary? I want to still use windows however. I heard there is a way to use both at the same time but is it demanding to switch over from linux to windows?

For context I bought my laptop in 2020 and it does have 16gb of ram and a ryzen 7 4800h but I want to maximise it's life

How can i bypass 2 faq authentication? Does anyone have a good otp bot?

Use the virtual machine bcz
U got some nice specs

Research on how you can set up a dualboot or liveboot USB with Linux on it. Linux is necessary for machine learning and scripting, which is essential for most tech fields computer-related. Your specs are way enough for a Linux distro, any can work based on what you desire for any distros.

I know my specs can handle Linux however will dualboot be intensive?

Is there any risk of glitches or errors in my system if I keep switching os?

It will not, just research like youtube to know which distro you want and install it. There is only a risk of glitches if you have a unbalanced partition or any corruption within the ISO's filesystem.

You should be fine switching back and forth, however, depending on your system, boot time will be estimated so don't just go back and forth everytime, otherwise use a VM if you are more tight on the storage you use

Does anyone know a good otp bot

Does anyone know how to remove yourself from getting your address and phone number found on those people search sites?

Trying to test out wireshark and learn it, is there a way to filter by application, for e.g. all network traffic going inbound and outbound of teamspeak?

I have a feeling ill probs have to display by port but ive got no clue as of rn to figure out how

Help - I am trying to delete Vmware from my pc but the uninstall option is grayed out, I tried it through powershell too it also gives me error. How can I delete it from the system ????

Run it, use task manager, click the process open the folder location

There should be a uninstaller file there

Thank you

So i know ProtonVPN is better than NordVPN, what about Nordpass vs Protonpass though? Can anyone give factual info on the two? Done some digging but want some second opinions

hey guys is there a way to remove a security key on a company lenovo thinkpad made in 2023 only allows users to sign into work email account

I prefer to use mullvad.

Yeah i use mullvad for other scenarios, but im saying in terms of password management

Password management use keebase

Thats my go to

been using it for 5 years and its worked flawless

allows global http,s auto -type

And its very customizable

keybase.io?

No sorry my head was somewhere else

I meant keepass

You can find its download at keepass.info

It looks so old though bahaha

There are themes for it

but you can get the newer version

its keepassxc.org

Its more UI friendly

Mmmm but Keepass has been breached before

Protonpass and nord havent

@zinc phoenix

Everything has its faulty sections but i would prefer a open sourced solution to keeping sensitive data out of cooperate hands

proton is open source haha

Proton pass has had vulnerabilites

One that was recent and one form 2023

Its a independent audited thirt party software. Its code can be inspected but from my opinion its better to not trust something with a faulty rep

Oh yeah see that now

Proton has a faulty rep?

Yes

M mkay ill look at it

How so

I use proton for burner mails other than that there was a memory handling flaws

which led to vulnerabilities to extract sensitive data

Yeah saw that memory thing

Thats where I put my views to a bad reputation

Gotcha

Good service good means but allowing private keys to be extracted doesnt shout it to be the safest

Every 'best password manager' list I see never mentions keepass though bahaha so sad

Because those are promoted ad revenues from companies

Yeah thought so

You will never find good software by searching best password manager or best browser for securities

https://spyware.neocities.org/

Really good site to help you find what your looking for ^

Is keepass able to be used over multiple devices and my phone tho?

^

No

^

You could get it drive portable ?

Portable download would be the most efficient for using it across other systems without the inital database downloading and keepass downloading

mhmhmhmmhmhmh

idk

I know its a bigger attack surface having an online vault but i kinda need it

I dont thin there will be one to your liking with promising privacy features

I reckon ill use keepass for the sites i care about people getting access to, and just stick to nord or proton for general usage passwords and such that i just need to access but dont care too much about their safety

If you even try look for any you will be hit with the typical ad filled suggestions like 1password dashlane protonpass roboform e.c.t

True

https://keepass.info/plugins.html# Give its plugins a view

Alright will do thank ya

Will look into thanks

One more question, regarding my proton mail, what specifically should i be using it for, obv for sketchy things for pentesting or just pentesting in general but when it comes to signing up to HTB for example, should i just use my regular email?

Just tryna improve my personal security baselines

What i personally do is isolate things. For example, i use proton mail's for signing up to dodgy sites or for sites im unfamiliar with and i only touch my tuta mail for IRL related stuff

Gotcha, so for HTB and sites such as that i should just use my actual email then, cause its trustworthy

If thats what you prefer then yes

Well im just more so worried that somehow my proton email goes down or i delete it forgetting all my HTB progress is on it 😂

With proton mail you can setup certain things to give you "reminders"

Proton emails rarely have problems you could use a yubikey to layer up your security

Very limited to free accounts

Common sense

There is no way to remove publicly accessible information unless it was taken from a closed source such as a databreach you could possibly file request it to be taken off that specific site

Appreciate it

No problem any time

You could either use bleach bit or geek uninstaller both wipe data flawlessly

@everyone I need help with RTA can anyone help me with it ?

I need help with nethunter

i need help finiding resources for ceh v13

anyone knows where i can find ?

hi guys i'm new to cybersecurity so please guide me with the source or the roadmap which i have to follow to become familiar to this field.

#👥・new-member-guide

Hello guys can someone help me

With what?

sure what do you need help with

within rta

likely #1181325692823150642 ?

I need help with warpcast invite code

hm?

Invitation code

and what's the issue with it

I'm unable to sign up I need an invite code

I believe you need to buy those?

Does anyone know how to set up subzy? I've been trying to set it up for a while and I have it downloaded but can't get it to run on my files or on a single address

I entered my bank card number on a website to try it for a 14 day free trial. Then I canceled the card to prevent further charges, but I couldn’t cancel the subscription because there’s no clear option to do so. Now, it’s going to charge $24 every month. How can I cancel this, or do I have to change my card number? Note that on this website I logged in with my email, and when I go to the subscriptions or payments section, I don’t see any record of entering my card number. Please help me 🙏🥲

Guys ssh keep closing my connection without final key exchange... what do i do?

means that the ssh connection you are trying to establish requires a key file that you should redirect to

aka the id_rsa file of the user that you're trying to connect with and is preconfigured on the machine you're trying to connect to

How to download virtual box on D: drive rather than the default C drive

Oh okay.. let me check the .git stuff i downloaded maybe its in there

https://imgur.com/1KIG4rd

Tried that

Nothing happened

wdym nothing happened

you're supposed to change the location of the download

It's saying it doesn't match the security requirements

no admin acc?

you prolly have some restrictions on ur acc

Ahh how to resolve that?

You get an admin acc

Use your own pc

Not a school one or not ur parents one

It's my own pc

Then you should have sufficient permissions

https://www.reddit.com/r/virtualbox/comments/1c5q3il/comment/lxpx2pd/

try looking here

I will check it tomorrow in the bank thanks sir

How can I install linux in virtual box

Link not working

Thanks brooooo😭

works fine

The link itself

This site can’t be reached
The webpage at https://www.howtogeek.com/796988/how-to-install-linux-in-virtualbox/ might be temporarily down or it may have moved permanently to a new web address.
ERR_HTTP2_PROTOCOL_ERROR

I finally downloaded it in my D drive😭

Chrome

Yuck.

https://spyware.neocities.org/articles/

Thanks!! It's working now

Lol! VPN was on that's why. Maybe 🤷

ew

#1286135820008296509

sry

Learn C++ C# and how to use debuggers like IDA ❤️

HACKERS , my name is dali , i joined this community a while ago , my mother is a lawyer , and she has this case where someone deleted a ton of excel files , when i did my best to retrive these files it asked for a password , so i came here , can anyone give me some tips , and if its complicated i can even pay for the help , thank you

i dont think anyone would give you any sort of help regarding this. Its just the ethics and from peoples point of view and lack of information it will be unlikely for someone to help you due to its legality

Not sure which file are we talking here but there will be Tuts to crack them

Out there

in terms of informations , i am ready to fill you with more informations or even a screen meet session

regarding that you could use a brute force or you could try and look for a recovery method

and with all due respect legality wont be an issue either

☠️☠️☠️

Im pretty sure theres something called passfab for excel you could try that

passfab ?

What do you want me to say without violating tos man..

Yes its a password recovery tool for excel

It is payed

is it legit ? sounds too good to be true ?

Cant tell you i dont use excel

yea i figured , ill just wait then

It was just bias off my memory

dm me if ur intrested

ill poke around myself until then

Best of luck

thank you

*again the client has given me full control of the files , so please do not fear any legal issues , for more details please dm me as soon as possible

Is there a way to legally remotely monitor my girlfriends phone. To see who she's texting/calling. To find out if she's cheating. Because when I asked her why she was always deleting her messages. She said "to avoid arguments!". I was like "Soooo, you delete proof that you're not cheating?"

no

O.k., thanks anyway!

To people that have a job in cybersecurity would y'all go to a university for studying cybersecurity or stick to community college? Rn I'm trying to decide between UTSA and ACC

My recommendation is sticking to a college course and later looking for a apprenticeship. Its the best since you will be able to also be eligble for a internship that will get you payed and educated as you do on-job education. and it looks really good on paper,

yo guys
i need help
do i replace my ubuntu with arch
or do i triple boot

hahahaha lar

@last maple @zinc phoenix thank you guys

either is okkk

No problem

studying azure in VC

Now I have neither hahaha

I have js arch

Does anyone know any Osint discord bots?

No one will help you with this here. But as some seperate advice, if you are unable to have a sit down with your partner and discuss your issues without resulting to trying to track messages and their location, then something is wrong and you need to try to fix that.

I've had my fair share of experience with this with my mother and her partners and it never ends well when you're tracking every little thing they do. Just some advice for you before you do it or something similar to it, it's never a good choice to do it.

There is BosINT but be careful using it as it has some questionable features.

hi I need help I am illegally being monitored by someone not sure if they are obsessed with me or just planning to give dirt .lol I really need help pls I'm a victim . aside form the fact that it invades my personal data.

Speak to the police.

sounds like someone i know lmao

to where fbi?

Yes

or your local police department

I am flattered if they are being obsessed with me but if they are using my personal data for impersonating and sht I am cooked

If

That's a big if

Ignore them, move on

I've tried. But she adamantly says I'm crazy. And trying to sabotage the relationship.

If you are in danger or being impersonated, then speak to the authorities

if I was the girl I'd think you are crazy. Communicate. Jesus christ. lol

You're kinda doing that quite well by the sounds of things..

Everyone deserves their privacy

If you're trying to prove that your girlfriend doesn't want to be with you by infringing their privacy, I'd just skip that step and leave

snooping someone's phone is never legal.... my pc and phone is being snooped on. ugh.

Sorry, that was quite harsh

real . why stay in a relationship where you cant give trust. its waste of time,

its like hiring someone but you cant even trust them! lol it annoying af. now before i go report this to the authorities i want them to come clean. I dont wanna hurt the obsessed ones. lol

Yup, speak to them first

I felt like i was hired but was hired by a cult. if they cannot trust their own employees. goddamit

Huh? That escalated quickly

now if they are just obsessed with me they should just try communicate.

So is this your employer, a friend, what?

employer

a paranoid one

eeeeesh

LOL

A fellow employee, or one of the company owners?

i dunnoo what to do man...

employee

Got HR?

nun

urgh

I dunno

should i throw my pc

I don't think so? Why would you need to?

I am very very scared of the data they are collecting not that i have illegal sht but still!!!! its illegal to snooop

How do you know they have collected data on you?

someone snitched

and it connects

I guess everyone is right. If her normal habits aren't normal anymore, she's being secretive about stuff, sneaking around, and gets defensive about any of it. Then I've already answered my own question!!!

Ok, not to diminish, but hearsay means sod all when you see patterns in everything (just human nature)

Speak to them first @dense raft

omfg man get a plane ticket and talk to her dont stay on discord lol

they will deny it for sure they are trying to either " plant " dirt or digging some dirt. either way I dont think it is legal to do this kinda sht

Well, if you go to the authorities, they will ask for evidence

What do you mean get a plane ticket?

its an obsessive behavior a toxic one . do they wanna marry me or something wtf

And hearsay won't cut it

It's hard, laws very different in each country

you said she is far by the looks of it

In some if you make waves in a job, you get chucked out and nothing you can do

In others you are very well protected

id quit

i want my peace

lol

I didn't say she was far.

they have infiltrated my chat gpt accounts and emails

If you believe that.. reset all passwords from a clean device, including 2fa

then reformat other devices

i mean I can get my pc cleaned but they will attack my ip what should i do???

Only a few options.. speak to them, speak to the employer, or speak to the authorities. I don't think you should have to quit over this if it's true

my phone and pc is infected with sumhin

they will deny who ever admits they hacked u ? hahahaha

Attack your IP? That's not a thing that makes you immediately screwed

they are black hat hackers

i can sense

So?

that's not a thing

an IP does not make one immediately screwed

they are monitoring my every move including where i go and sht. fcking annoying . are they my fans i dunno

🤣

Just speak to the authorities, there's nothing else I can say, and you are obviously in distress

but I'll say now, you will need evidence.

Not gonna carry on with this

ok

... In Australia we have a fair work department that handles disputes within companies and mistreatment to employees, if you have something similar I'd contact them as this is EXTREMELY wrong lol

sigh

Yup, same in UK

Employers have a duty to protect their employees

what if its the bosses orders to monitor my every move coz they thought im a killer or something without due evidence

what?

and so they are digging for some sht that they dont have

Now it's the bosses?

Take a breath

Unless they got you to agree to use a monitoring software, a past employer of mine made us use TimeDoctor, but if not then contact someone about it

You sound completely paranoid

Bruh

Why would they not just fire you and contact the police

THEY HAVE EXPLICITLY TOLD ME THAT THEY DO NOT MICROMANAGE. ha! far from it!

Makes 0 sense

Dealing with abuse within your organisation is not micro managing

they have infiltrated my ip / network instead! lol

I know right they can just fire me. why not that? easier than hacking someone

fcking annoying

Calm down

its just a week ago that i learned this, question is howlon have they been monitoring and gathering evidences and using it for impersonation?

my life is at stake

This isn't me trying to sound mean I'm just gonna be real.

What you're saying sounds very extreme and more-so your paranoia rather than logical thinking.

If you're really worried you're in danger and being unethically/illegally monitored by your employers then:
Quit, Report to your fair work/authorities, and move on

Again, got evidence? Go to the employer or authorities.

If you think your life is at stake, get off of Discord and call them NOW.

I have been contemplating about this, I am more concerned of the future attacks that they can send my way I can clean my pc reset etc , but they will attack my network still , how do I prevent this

@dense raft how are they tracking u and how are u so sure?

Go. To. The. Cops.

Been saying that since the start

I think they just want to spew

dont u think teaching him anonimity is a good step too tho..?

anonymity*

He's saying his employers think he killed someone

wtf