Tria.ge is free, you can make an account

@eager knot want to help?

alr bet

you can try and run snort on the machine

but other than that i'm afraid i can't help you since i've never messed around malware removal before

You guys still talking about that malware stealer?

dunno

this guy has a sister that is cooked

Yea already told him just to wipe everything clean on the device and change all passwords.

🔥

honestly deserved

she expects me to have a gods hand and cleanse her pc with my hand

and magically change all her passwords

which she has tons of

what the hell is snort

snorting white powder?

it's an IDS and IPS system

..

can detect malicious traffic on the local machine

explain to me like im a chimpanzee

ok

Have you tried scanning with "Kaspersky Rescue" or "Dr.web" for example ?

i tried malwarebytes

i'd format

honestly

just tell your sister to bring it to an IT guy

he'll do it

If it‘s a password stealer which was executed in-memory your AV probably won‘t find anything.

yea no he will ask money for just a fresh indtall

hmm

I advise you to make several scans with different software with your bootable key

alright so i accept defeat?

I mean it‘s already too late anyway.

indeed

malware is honestly too advanced now

it only takes a few seconds to exfiltrate your data

https://support.kaspersky.com/us/krd18/tools/14221

Do you still have the link of the malicious website or the command she executed?

she doesnt know how to boot from a pendrive

yea

i do

can u try to run it through triage?

can you send it to me. just gonna have a quick look

ok

hi

its not hard

theres plenty of guides on how to reset windows with the usb method

ik

how big was the file?

I tried to download the file but looks like the attacker was smart enough take measures so you can't download the file.

????????????????????????

what

how does that make sense

it doesnt

It's a command that you have to run which will download a malicious HTA file.

And you can't just go to the website to download it since that request will be blocked.

Tried it. Still getting an error 403.

Also detonated in anyrun which also didn't work.

mshta hxxps[://]my-store[.]fly[.]storage[.]tigris[.]dev/v1[.]html?spaceid=11731225&subid=117&spaceid=11731225&su bid=117

Just use cyberchef to fang it

Nope didn't got the original link.
@candid lotus was the one sending me the link.

maybe it has a generating mechanism

But to be fair, there should be more than enough sample that are using the Fake CAPTCHA to distribute malware.

can someone help me with my assignment please im totally lost 😭

whats up

can i dm?

I have some problems with internet do you think i should join the chanel and talk with anybody or is there somebody who should know how to help?

sure

uhh what happened

pv

theoritical question: is there any way to supercede "topper()" in C programming if someone wanted to get into a network by using the caps lock?

Does anyone have an idea how I can fetch my vulnerability tool a lot of CVE’s it uses AI

what tool are using?

Anyone use hackerOne? I submitted my first flag in the ctf section and the other level buttons won’t pop up

Does anybody know of a way that I can hack a Wi-Fi network using my iPhone SE without jailbreaking my phone or using a computer?

OK, I had just read the do’s and don’ts so I apologize

No, it is my Wi-Fi network. It’s my mom’s actually I was just trying to see how I can tinker around with it.

Like I seen this tool and I can’t remember what it’s called but you can knock people off of the Wi-Fi and I was just trying to figure out how to do that

Is jailbreaking an iPhone unethical?

Okay I appreciate it a lot

If its ethical then you shouldnt worry about it. But due to you apologizing I assume its not in the best intentions.

Understandable

how cna i find skmeones name off of their email

#1286135820008296509

"Will we identify someone for you? No."

No.

mb my friend was tryna make me find his

my fault

Why?

cuz i got his email and he bet me 20$ i couldnt get his name off of js his email

Honestly

you sound like a horrible friend

i can send u a ss lol

we play mc together

No need simply no one will help you with that kind of service here

whether its from a open source or closed source it will most likely be against peoples morals

#🕵・intel-and-investigation but you can figure out on your own accord

How about hacking in cod warzone thru console😭 anyone got a trick up there sleeve for that

🤡

I’m new to this whole thing bro never hacked

My bad nvm

Yes you launch your game then press ALT To open up your console then F4 To bring up the menu ❤️

Its preferable if you invest in a separate wifi network from your personal one if you ever do find out how you will "tinker" with it. Don't risk any damage that your family uses. But best of luck, you'll need a wifi adapter with monitor mode and packet injection, along with equipment needed to perform attacks

It isn't unethical but however it does void apple's warranty but it wouldn't matter if its old

first mistake is bringing it to an apple store (they'll just overprice you for whatever problem you have lol)

Store repair vendors? It would be cheaper than going directly to the apple store

Unless neglect or misuse is detected, they do have the power to void their warranty, which should be stated in their Terms of Use

meow

Again, it is possible for a company to void a warranty if misuse was detected. Google.

If you ever go inside an electronic device, and the internals strictly state that "If you see this, your warranty is voided" for example

every company and consumer agrees within A purchasing deal

not like that. Jailbreaking your iphone can still be a reason to void your warranty

its abusing against Apple's firmware that is installed for the consumer

It would be legally applicable to sue a company for voiding your warranty for no found reason. Thats what the act is about

"Apple's stance:
Apple states that their warranty "does not apply ... to an Apple Product that has been modified to alter functionality or capability without the written permission of Apple".

It has been for a decade now. Ever since jailbreaking became the trend within the early 2010s, like Cydia.

im sure apple didn't like how people messed with their products that bypasses their restrictions

I’m making one my self but I want to use a CVE database so I can try and learn the AI the cves

Hey everyone!
I’m Jay and super excited to be part of this community. I’ve been interested in cybersecurity ever since I was a kid. Back then, I built my own game and had a blast figuring out how things worked (and I’ll admit, hacking Roblox games was pretty fun too 😅). That curiosity eventually sparked my interest in pursuing cybersecurity as a career.

Right now, I’m working on my Google Cybersecurity Certification and learning as much as I can. I know there’s still a lot to explore, so if anyone has tips, resources, or suggestions on what I should check out, I’d really appreciate it. Looking forward to learning and connecting with everyone here!

Good luck and have fun

Hi i am new here

how can i get someone infromation from Phone number

my bad

Phonelnfoga is not working

What!!! phonelnfoga is best tool tho!!!

I need someone to check out my computers. I’m pretty certain they have been hacked and would like some confirmation. Same goes for my phone, if anyone does iOS.

iphones cant just get malware

youd have to have downloaded something from outside of the app store and even then

I’m very careful and I run in lockdown mode on iPhone.

get a good av on your pc and maybe run a scan with emsisoft emergancy kit/sophos scan and clean

This is not true. I’ve had my phone hacked and had parts of conversations (personal intimate conversations) repeated back by people.

you mean you can get malware through the app store?

The government and other NGOs have strong hacking abilities for iPhones.

I have a windows server running windows 10 with Xeon processors.

iphones cant JUST get malwsre

is what i mean

It’s a targeted attack IMO.

Yes

No

Because its not common for iphones to be infected

Agreed, but just bought it for running android virtualizer and a bot for a game. Nothing else, nothing more.

Is there a way to protect myself from this happening again?

using a good av

I’m doing everything I’m supposed to be doing.

Yes, sir or ma’am, I know it’s coming.

As for the iPhone, I know when it’s being hacked. Running in lockdown mode, about a week to a day before Apple releases a security fix, both phones get very glitchy. Hang, restart, etc. it’s a patter that I can see. And know that it’s not just happenstance.

I know where you’re coming from and I appreciate that you have people that don’t understand that or don’t understand what lockdown mode entails. This is cyclical. Every release my phone starts glitching. Why no glitches in between? It’s indicative of a flaw being released (publicized) and trying to be used, IMO.

Can you even hack a computer and see if it is being hacked by someone else?

You being hacked usually involves an action done by the user (you).

Usually is the keyword there. I have limited all my apps, my browser activity on my iPhone. The computer does nothing but run bluestacks and esp-TKR

Esb*

literally nothing else. No browsing, no apps, nothing

So…sometimes it just shuts down. No update, nothing in logs about errors. Other times some of the android instances behave as if someone is remotely controlling them.

sorry if this is completely random I just need this as a reference, is 20k or so attempts a second for pbkdf2 with 20,000 iterations and decrypting aes 128 cbc a "hash rate" for being run on an rtx 5090

it's written in ILGPU in c#

They individually (certain instances) shut down. The mouse doesn’t respond appropriately. Just as a couple examples.

There are no errors in the logs, as I said.

Maybe it's an issue with your mouse?

Also in case of shut down. From where did you pull the logs from?

Bought 2 new mouses and it’s done the same with all of them.

Could be a driver issue then. Or a USB port issue.

Who knows.

I don’t remember where I pulled logs, but I got where to look from online.

I was wondering this idk if my implementation of aes on gpu is the most efficient 😅

if if there would be room for improvement etc

It’s not just on one computer. I have a second computer, newer, only running one instance and it’s having the exact same issue. No other players that do what I’m doing are experiencing what I’m experiencing.

True. You being infected would involve you executing something on your device that you downloaded from the internet.

No downloads except for blue stacks and ESB

No web surfing.

ah yes bluestacks, the legal virus frfr

I doubt that basic malware would move lateral from one device to another.

Agreed 👍🏻

what else then

I know there’s a lot that can be dismissed to bugs or whatever. But when there is a pattern, it’s been my experience that rarely is it happenstance or luck.

yes but you have to run malware for it to operate, or do you disagree

I’m willing to pay. Especially for the iPhone.

yes, zero click attacks

Okay. Thank you @last maple

Im not sure if you understand the rarity of something like that but that isnt something every second malware is

Would be a waste to use a 0 click on a random person

apparently every second infected person is hacked with a zero day exploit

I’m targeted. I know that. Nothing illegal. Just got a dea agent in trouble. This is his retribution,IMO.

Zero click and zero day are not the same.

both arent of concern to a regular person

is my point

i never said its impossible

He was a bad neighbor engaging in illegal activities.

I think the zero clicks don’t work since I’m in lockdown mode and disabled iMessage.

I suspect it’s the vulnerabilities that come out with the new versions of iOS being released.

You can’t convince me it isn’t happening. The bugs that started about 1 week to 1 day before an iOS update release end when it’s updated.

Someone has to be able to help me. Monitor my internet traffic? Something. I’m not asking for it to stop. I just need proof.

Feel free to DM me.

There is no vulnerabilities for the new versions of IOS, Its simply no possible and if it was it wouldve been delt with

Its usually people want to get payed find such vulns not bad actors

^

Hypothetically if i was a bad actor and i had any sort of advantage exploit to target a user without any interaction. It would be someone more important and not a random person, again people are usually in for the money

Okay, well that’s something that would make me a target as well.

I keep my investment and bank accounts usernames and passwords out of the passwords app on iPhone.

Its very unlikely you are being targetted on ur iphone the changes are too low

Please know that I understand what you’re saying, and just given the off chance that I am a valuable target to someone, anyone. What then

Ok look, iPhones can 100% be exploited (even with the latest stable releases coming out) with a malware as gruesome as a 0-click and it's happening in the wild. Most agencies work with extremely confidential zerodays to target a high-profile group or individual for espionage. I myself have worked with such malware and I'd say it's not just deployed onto "any" individual as it's an extremely sophisticated attack to follow. Most such cases, a malware uses a vulnerable module as a hop point to escape iPhone's code execution sandbox to gain access to rest of the user space. I've seen many traditional 0-click malware making use of FORCEDENTRY to deploy GIFs containing a malicious document through iMessage because of a zeroday in the JBIG2 image compression codec that had an integer overflow bug, besides disabling the ASLR through a system module (i forgot the name) and which bypassed PAC as well

I remember BlastDoor that was used to escape the sandbox as we had a workaround for it by stationing the code into a custom logic circuit

Point is, it can be done, but it's too much for a single user to create a malware on, as malware such as this and development of it can be only afforded by organizations

And each deployment can cost up to hundreds of thousands of dollars

I forgot but there was a recent patch of another critical vulnerability that led to 0-click deployment of malware supporting multiple apple devices

It was in march itself I forgot the CVE assignment of it

Damnnn

Hi everyone! My Twitter recently got hacked and I have no idea how.😔

I kept getting the emails for a security code (forgotten password) for logging back in but I ignored those as obviously it wasnt me sending them and I thought I didnt have anything to worry about (I get these for Instagram too every now and then). Since I assumed without having access to my email they couldnt get the code to get in. However to my surprise, after a week of trying (me getting those emails and ignoring) I suddenly got an email which confirmed breach in my account. I have absolutely no idea how they managed to get in without the code from the emails (and my email wasnt hacked, I did re-check my Gmail after this to ensure it wasnt them getting access via email). They got in somehow and I got the email that my password was successfully changed, and immediately afterwards the email confirmation for setting up 2FA. This is where I realized I made a massive mistake and it was too late. While my email is still connected, because hacker turned on 2FA I am basically locked out, since I have no access to the code authenticator app the hacker set up with 2FA.

I hopelessly immediately contacted X support and explained my case, but have received no response from them and upon searching online and on Reddit I realized how abysmal X has turned since Elon got rid of all the personnel, and how with no real human support being available for normal users you’re left with nothing.

My Twitter is literally my full name with my own picture, I wasn’t even active on it (planned to be later) and I have no idea WHY and most importantly HOW they hacked me. If only there had been a real human support available on X I could have easily proved identity with my picture and claimed authority of account, but that seems to be out of the question thanks to Elon.

I’m kindly asking for any advice or help anyone could possibly have on the matter. I just really wish I could get my account back😢😢😢

💀

https://tenor.com/view/eating-onion-bunny-cute-eat-gif-5516830027459385151

I'm stuck in this endless loops and rabbit wholes of VMs, I installed "Kioptrix Level 1 machine" using the UTM software on my Macbook M4 Pro, now the problem i have ran into is that when i ping the default gateway of 8.8.8.8 from the Kioptrix machine to check whether it has internet access or not then it says "Destination host not reachable" can't really figure out a solution to this problem and have been stuck in this thing ever since

Pls help, if anyone knows a fix for this

Sorry to hear that well unfortunately we can’t help you with that

@sour bluff do you use the same password for everything?

And you should have turned on 2FA from the start

Yk because a lot of hackers will try every password you have until one of them works for you’re stuff

If you use the same one you’re making it easier for the person

If you have gone through all of the legitimate channels then unfortunately we cannot provide any further assistance.

Uhhh yes some are the same or similar varieties, I do know its a bad idea😅 its just out of convenience even though I know better unfortunately. I just mostly rely on the phone verification for sending codes as security.

Yeah that’s where I knew I messed up and didn’t immediately turn 2FA on after receiving those attempt emails, but I also didn’t even know it was a thing because I hadn’t been active there for so long. I just never thought i’d be a target, my account is literally zero on everything (posts, followers, etc).

By legitimate channels do you mean like officially contacting X support?

Well it wouldn’t be people here no admin or mods I do know that

Correct. Those are the routes we will tell you to go through. Anything else is beyond our scope and against our #📜・rules / #1286135820008296509

We wouldn’t waste are time for a small account you know there’s no point

You should have took extra safety measures to make sure you’re account was fully safe

My apologies, I thought I could ask for help or advice. Thanks for your information

You can, unfortunately there is not anything else to offer if you have changed all your account creds after the breach to secure other accounts. Set up MFA on them and contacted the vendor for support.

Any further action would be account breaching which is illegal in most countries on top of being unethical.

Ima go now

Thx for the help milk

Hi, I'd like to know the big difference between TryHackMe and HackTheBox, they both have good reputations but which one is "better"?

Both are good

Thm is beginner friendly

But htb requires some pre knowledge

Htb is recommended for intermediate to advanced

Ok thank you

hi

i got a Question.pentesting or red team

Same same

ok thank u man

No worries,
Pentesters are just a term for people who test the vulnerability of a system / network / application etc.

The teams just mean Defense or offense
Blue may do some pentesting but ususally will hire Red teams to do audits.

mm, i am learning about network , how important is that for pentesters?

learning about networks is extremely important for pentesters because most of the time their primary targets are networked systems

Crucial

very

Ive worked as a network pentester, it's really important considering how much data gets transferred locally and how easy it is to intercept them

wuts a good place to learn AD from

@crystal lark thank you for hearing me. I really appreciate being heard and having someone explain it like you did. I’m not some crazy guy that thinks the government is out to get him. I’m a guy that knows someone is out to get me. Who, I don’t know. This is really happening and I have proof to back it up. But what do I do if this isn’t some legit government investigation. What do I do if this is someone with an axe to grind? I already know the answer, there isn’t much you can do if they have their sights set on me. I really came here for concrete proof. Hoping someone could show that my phone was answering or sending data to a certain server. I know it wouldn’t change things, but it would help me plead my case to an attorney. I’m not doing anything illegal, but I’m being treated as if I’m some mob boss. Getting get well cards in my mailbox when no one knows I’m sick…

When i type this cmd ngrok tcp 80 they tell that I must have a credit card but I dont have it

ngrok updated its policies so tcp tunneling needs a paid plan and a credit card without it you cant use tcp but you can still use http or https tunnels using the free plan

It's in history when iPhones really lived upto there reputation

I am a bit of a beginner, what would you reccomend my first Linux be?
A friend reccomended Kali, I've heard good things about Ubuntu and Arch, too many options to weight

have you got linux fundementals down?

I am not even sure what you mean by that

All I know is how to navigate the cmd and code in 2 lamguages

i'd say, start with ubuntu

but before you do i'd honestly take a look over here #👥・new-member-guide

there's a study path

Thank you, that was very helpful

Have a great day

you too, gl!

i love cyber security , but inorder to learn that i must know networking is this "Network Basics for Hackers by OccupyTheWeb" book will be enogh for me to learn the concepts of networking , i am new to this stuff can anybody help me

you can try look over here #👥・new-member-guide
there's a clear path as to what you should learn and from where

I have a Kubuntu virtual machine in VMware and whenever i try to make it fullscreen it refuses and just stays the same size and it traps my cursor in the window, i cant move my cursor out of the Kubuntu no matter what i try

Is there any ip grabber that also grabs port?

Capturing ports directly through an IP grabber isn't possible because ports aren't exposed in the same way.

Again people are more likely to sell off such exploits since they range from 100,000$ up to a million. Its practically unheard of for someone to go around targeting random users with a zero click with full kernel execution or even a kernel PAC bypass. Atleast i havent heard of anything like that happening on any recent apple build

I understand your situation and its natural to be paranoid about this. Unfortunately though we couldn't do much online since you'd have to intercept inbound and outbound traffic of your phone to acknowledge the presence of a C2 server your phone is responding to. I'm not sure what proof you have that confirms you're being targetted, but you could always check for abnormal internet usage from your phone, quick battery drain, overheating or strange behavior such as apps/files disappearing on their own. These are (not necessarily) signs of a compromise, but these symptoms may be false positives if your iPhone is old

iPhones are pretty secure if you ask me, more secure and contained than Android obviously. They're complex to break, but they're being broken regardless and the price of the poison is too high

Exactly. It's too unlikely for him to be targetted by a notorious group or an org, but yes, the newest apple build 18.3.2 faced a critical vulnerability pretty recently which held capability to reproduce such an attack along with numerous other apple products. You may find it in the NIST database its rated 8+ as far as I remember

Obviously you wouldn't hear the news of it, because exploits like these are meant to do business. Not everything is meant for the public. That's how groups like NSO and Intellexa function

Exactly ^

Perfectly said

Hey guys basically my old YouTube account (when I was 7) has my face and my family’s face and private info I forgot my password and it’s honestly a risk can anyone try and get the account?.

No. People cannot get the account for you.

But your alternative will be to make a report to youtube its self regarding the account and situation

If you are in the EU theres something called a GDPR for privacy laws to request on removing any personal data.

if that doesnt work it would be best to go on youtubes complaint forum and report the privacy issue driectly to them

I’m in Aus so idrk

But you will need to require some sort of evidence if request by the agent you would speak to

I’ll go straight to the YouTube complaints then thanks man

I think im not 100% sure but there should be a general data protection regulation for Australians

Its under australian privacy acts i could look into it for you and make sure that im correct

but for now work on the complaint form and try figure it out with youtube

if that doesnt work there is another altnative

to take it off google's search entirely by making a privacy act too google its self but that wont stop other search engines i believe

Well regardless being broken is the point... I've kinda lost trust in their brand now

so i need help with meta world, my fiance account got banned because of word mouth. i need help

they gave her a temporary ban but it came warranted

unwarrented***

especially if your in the uk due to the recent privacy concern..

contact support if theres no clear appeal process contacting meta support through their website or the app might be an option

Yeah , I mean I don't know if it is true or not but I heard they intentionally install a infostealler on your device

No not a infostealer. They just allowed the government to have unencrypted access to all Cloud services on apple.

Which of course is a horrible and disgusting privacy risk

So they were just rumors I see. Well , if you really want privacy right now you neeed burner devcies tho not many can afford ... now privacy have become a rich thing tho it was suppose to be for all.

No No i have a burner and its not a extreme privacy issue like its all encrypted but not to law enforcement or government officials

I dont do anything illicit or illegal so they would and never will get a reason to see my data

Ahhh .. I see

You should rather try and secure your account.

I understand but they logged in withy password and messaged people and logged out without changing anything. I've lived alone for quite some time so no way for anyone to have it!

There are multiple ways how you got your account compromised. This can range from running malware, re-using the same password that got leaked by a database breach, using a weak password or you fell for a phishing attack.

can i get some help in analyzing a pcapng file

?

Hi

Launch Wireshark and open your .pcapng file.

bruh u know that lmao

lol

i am extracting zip file from the pcap file and putting credentials that i found from the same file in it , but they are incorrect..furthermore , the zip files appear to be invalid isk why

I got stuck. My VirtualBox is not support usb devices. It shows no device available even though I attached my wireless adapter with my laptop

This was happening since Last night , since I updated VirtualBox 7.1.6

Hello guys , I've recently started working on a web scrapping project , but I have some problems when I am trying to get the data from different cars selling websites . Is here someone who can drop me a tip on what I should do ? Thanks

If you're dealing with dynamic content try using Selenium or Playwright If it's just static HTML BeautifulSoup should work well

Hmm , I am using Selenium but I usually get blocked after first search , I get 403

maybe I need to create a fingerprint

Brothers can anyone help me study cybersecurity

Im a begginer with no knowledge

#👥・new-member-guide

Im a beginner with no knowledge and wanted to get into CTF. However, I have no idea what I am doing. Can anyone explain how to get into CTF? I have tried to watch youtube videos, but I have no idea what is going on.

Hello guys, which is the best way of learning pentesting? (I want to become a great white hat)

Check out #👥・new-member-guide

I need help anyone is here 😩

guys i saw a video guy changeing his ip in like 3 secs i followed the steps installed tornet it worked but does it rly work?

i havent taken the time to check through it but doesnt the repository only have like 5 likes?

its pretty sketchy

hey umm anyone knows how to run .elf files extracted from pcapng files?

I'm doing the wazuh install https://documentation.wazuh.com/current/quickstart.html for the SIEM

I've downloaed the wazuh-manager and have the password and such for the dashboard, but it says to use https://<wazuh-dashboard-ip>:443 to access the dashboard, which IP is this? I've tried my IP, that doesn't work, and I've tried the ip's listed on my ifconfig in linux

Anyone have any ideas?

ask gpt maybe

tru

GPT to the rescue

it worked

Guys my discord auto joins servers

Plz help

It is not hacked but I did joined a server where I ask for verify after that it auto joins server

check authroized apps in the settings of your discord client.

I am using it on my mobile right now where it is in mobile

still in settings

under section "authorized apps"

Ok thanks

Need help with wazuh, I setup the agent on my windows PC, but its not showing on the wazuh dashboard, my VM is set to NAT which I believe I need to port forward for the VM to get connections from host i think?

I set up an ssh port forward but not sure i did it right, any ideas?

Hi

first time asking a question. played an anonymous message game with my course mates and there was a de*th threat, is there any way i can know who sent the message, ip, number or anything that can make it easy for me to know who the person, please suggestions

💀

💀

💀

https://tenor.com/view/i'm-dead-funny-skeleton-sans-papyrus-gif-2132669921550265983

No, accept that youll get that type of shit when your online. It sucks but thats just the internet

#1286135820008296509

we dont help with things that can be done or used for unethical/illegal purposes

I am at beginner lvl 1/10
On coding

#👥・new-member-guide

I got myself old school display,cos I just want to try it out too ,

Yh there already

why is their no section for tools ??

what type of tools do you need

well technically there's #🕵・intel-and-investigation

Does anyone in here have a way of making any money? In dire need rn, for rent for this sober living, iv tried reaching out for resources and no one will do it because it’s a sober living.

I’m in college and I don’t make much money.. but now I am almost completely broke.

none thats instant or very fast

you need experience or will to learn

for them

Sure what is it ?

Message me

hi guys so in the past month I've had roughly 4 login attempts into my steam account from all over the world, my password is pretty good security wise so I reckon it must be a trojan or something similar downloaded to my computer, would amy of you know a low cost/free amtivirus that could reliably scan my computer and find the issue?

malware bytes
clam av
kaspersky

thanks man appreciate it

Now tell me. Is there a good market for insider threat detection and mitigation application for companies?

It could also be that some of your information has been included in a databreach, I recommend checking if they were.

1. I have no idea how to check that. 2. I have changed all passwords since the last one and it happened again

By chance, have you checked other logged in devices through your discord app? That’ll confirm if there are any other logged in devices

yeah man it only says my phone and pc but I keep getting the 2fa codes sent to my email and if someone happens to get that then they can obv take my steam account too

Yeah it’s highly likely that your information was included in a data breach

If you really want to get rid of this you might want to change your email for temporary basis

I don’t know how far that can help you but it is something

hey man thank you so much I really am a very beginner at all of this cybersecurity stuff so I appreciate all the help I can get from you guys more experienced than me

No problem, always here to help and share knowledge.

bitdefender or kaspersky

sophos and emsisoft are paid but have second opinion scanners

also id use 2fa with an app like google auth if i were you

also check your password/email for breaches with https://haveibeenpwned.com

what do u already know in terms of cybersec?

just did a scan for data breach

a good few on some telegram channels and a blackhat upl, what should be my next step?

change your password

use a password manager (bitwarden for free) if you dont already, and a 2fa app like google/microsoft authenticator

• change your email passwords
• change all accounts passwords
• enable 2fa on everything
• log out of all devices on all apps

yeah for sure man thank you, I was really stressed for a minute there

still scan your pc for malware though

i recommend emsisoft emergency kit, sophos scan and clean or a full av (bitdefender or Kaspersky) for that

How do I learn how to hack ig account

#1286135820008296509 #📜・rules

Hacking social media accounts is unethical and illegal

How are you trying to be a white hack and ask a question like that?

https://tenor.com/view/wolf-gif-9684079888958277263

Hitman pro*

Ente auth is more better its OS and it looks better

Does anyone know how to delete Kali Linux

depends, where do you have it?

As my primary os

You installed Kali as your primary os?

Dual boot?

Or deleted the windows

just my primary os

Is tryhackme's paid version worth it to begin learning about cybersecurity or no?

I would say it is, same with htb

as for which is better idk

Go with HTB first

It gives u a whole section for education

I am a complete beginner for referance and also if any ogf you guys learned anywhere else and found it a good beginner friendly experience I'd love to hear aswell because I just have no idea where to even begin yk?

and starting point for Cybersec

HTB should be ur first option

then Try hack me

try hack me is more straight forward and much easier to navigate

with more indepth explination on subjects

but hack the box will give you the essentials

and fundamentals

What no?

Books, Hackerone, vulnhub, pwnguide, and my absolute favourite Parrrot CTF

thm is way more beginner friendly

Yeh its easier to navigate for beginners

also you should rather open the person to more options and show your opinion instead of trying to force it onto them, no offense.

what?

^ I did give them options.

ah sorry noticed that after I typed

all good

tysm guys i appreciate this alot

however this does leave me with the question, htb or thm first?

THM

U will have more luck with it

then move to HTB for more fundamentals

https://academy.hackthebox.com/

This is the education center for hack the box

The walkthroughs and indepth explainations are everything someone needs

also i am wondering would certs from things like htb help me land a place in uni or just in the job field

Theres also a few books i think u should look into

pentesting by georgia weidman

pentester blueprint philip L

Not really Certs dont work like magic

they are only good on paper yes they do make stuff easier

but its better if u go on a org cert

look in #📜・certs-and-career

#💬・certs

I tell people this all the time In my absolute opinion Uni is not worth it.

If you are getting a job then get something you enjoy so try out with college or internship or apprenticeships

internships are the absolute best for contracting and education while on site pay

Its the most logical step in my opinion

would it limit my job options at all or no?

yes however you can do it without too, as long as u feature an eye catching resume :)

scored a network pentester job by 17 with no cert making roughly 6 figures

I didnt even know HTB certs would help

thats good to know

huh

no I meant certs in general

that is incredible oh my lord

ohhh fairs

i am 17 currently struggling to find work in sevice industry

Are you in the uk?

republic of ireland

thats perfect

try looking on gradcracker

ive never heard of that

And apply for some interships

on jobs of ur liking

best of luck!!

make sure its not over a 1 year duration contract

incase you want to switch your occupation

would they even accept me without any previous experience or certs or anything?

Absolutely thats how interships work they give you both education and pay

Dayum, nice advice kat, kudos

❤️

previous experience is the tough one

but yes

oh yeah for internships

omg I should be more attentive

so roadmap wise, thm, htb, books, internship ion that order?

always put fundamentals first and see what you enjoy

because i still have until i think May-ish 2026 until im oat of highschool so internship not yet an option anyways

no point of working in a enviroment you hate

^^

Honestly thats perfectly fine it gives you so much time to evaluate what your good at what you like what you want to do and explore the fields

kat do u currently work in cybersec or is it on the side hustle?

something like that

something like side hustle?

nah just work

fair enough i will ask no more about your occupation lol

Thank you ❤️

Best of luck man feel free to ask more questions anytime

i appreciate your help alot man

thank you

No problem

goodluck man!!

thank you!!!

Yo

helloo

hello? is anyone here?

I got fu*ked my self , accidentally removed my inbuilt wifi card through cmd prompt while activating my wireless adapter by guidance of chatgpt. Never trust that shit again. Want to install my card again , anyone who helps me in this situation ?

@last maple

Yeah

Hi anyone here

👋

👋

👋

Hey I’m using bettercap and hsts command and it’s not working it’s still showing the website as https dosnt spoof the domain

Soooo I took the ISC2 CC cert test today… failed and now I’m questioning my competency in Cybersec

DNS spoofing is impossible on https domains

most routers have protections against that as well.

I’m using better cap hsts

wdym

I thought I could spoof the name and change it

you can, only for certain websites

not HTTPS nor HSTS ones

You also need to void the CSP of the website and then downgrade to http

Csp?

content security policy

I did that and no matter what I do it still comes up as https

I’m trying to do it with Google.com and google.ie

yeah.. which use HSTS

you're not gon dns spoof google

I was watching a video and it said you could dns spoof

Why not

Not google

Learn about current defense mechanisms

HSTS

CSP

DoH

etc

They prevent it

Then why in the video he was successful doing it to them

on Google?

Yes

mind sending me the video?

It’s a Udemy class

they could've removed their dns configurations or use an mitm cert

Which is something you'd have to install on the victims device

Do you arp poison the network before u dns spoof?

also do u do it successfully? Like do u check after

He configured on bettercap to spoof domain name from Facebook.com
To facebook.corn

No it’s still showing secure

What was his course of actions?

All cimmands

I am genuinely curious how do I know if my phone is hacked

I got some rando that spofted my email saying they have access to my account

https://youtu.be/WRWOgToDDtM?si=CGkdQn_LdaZFiDux this is kinda the same video

.

Would you guys recommend using a separate computer for cybersecurity/pentest etc, or will a general purpose PC/laptop work just fine?

???

Can anybody send a good beginner friendly source material for email analysis?

https://tryhackme.com/module/phishing

Hey guys, i wanted to get into networking and just installed Kali on my VM, but i dont know what to do or where to start. Should i start on HTB?

I have completed my networking and basic Linux commands,what's next?

You can try out tryhackme, it's ui is a bit more beginner friendly but if you want you can do both or only htb (like me)

get you boss, thank you

Next is operating system fundementals, and scripting language

Quick question
Should I get tryhackme or hackthebox?

For beginner I would say go TryHackMe.

But HackTheBox does have HTB Academy which is more of a guided approach.

Thankk you

Which of these platforms would be great TryHackme, Let's defend, Hack the box, INE, Cybrary, Rangeforce, Blue Team labs

They're all recommended 👌

Hi everyone im just new here

And can someone help me retrieve my Facebook account?

I lost my access on it

I hope someone would help me

How can I bypass iCloud on iPhone 12

You'd might have a chance with Facebook help center, if you don't have an email or phone number linked to your account for whatever reason.

You'd have a better chance of getting an answer asking Google

My google account is link to it but i can't get a code from it

Contact their support, if you do have an account linked, they'll fix your issue with no troubles

Contact support

We do not hack accounts or retrieve them as it can be used for unethical or illegal purposes, aswell as the fact that it's impossible to prove its actually you. Refer to #1286135820008296509 #📜・rules

your best bet is to contact support

I have no way with words

Any tips on the best way to learn the material in the A+ book because its a big amount i atleast already know 40% or a bit more from common knowlage but I want to get a destiction at my university

netcfg -d
netsh winsock reset
netsh int ip reset

😭 😭 😭 😭

It was like " oem11.inf "

Yes but with yellow indicator

Can I get you in personal chat I want to show you a pic of it is looks like

Did it bro , not working. Restarts many times

In properties it showed that the device settings not migrated

And information says , require further installation

Yes

But not worked

Is there any command to reinstall .

?

Ill put a reminder in ur dms and ill get back to you after my friend replies hes in uni and he's finished his 7th edition A+ core 2 exam he might be able to give you some insight

hi guys i need help. my friend is getting some email related to personal life. how do i trace but the sender and find some info about the sender ?

#1286135820008296509

ok my bad

Allg

Just report it to the police if you think its serious

ok

Depending on what the info is I would say read the email and see if any of the info is potentially public info or data breach data. There are a lot of template extortion emails going around about them knowing where you live with a street view image of your house. If the email has a crypto wallet or gift card request it's always a scam and can be ignored. But I agree with going to the police

ok thx guys

Eid Mubarak everyone

Tomorrow is Eid

Khair Mubarak

I think is the right response at least. Either way have a blessed feast

dude, i am trying to do a 1 tool a day from now on, but i cant even get john the ripper to run properly. Is this what being a noob feels like?

my steam doesn't connect after i downloaded something but idk what it is specificly is there a way i could find the program?

your running it on Kali?

it's best to first learn fundementals first

What do you mean by fundamentals??

the basics, aka linux basics, networking basics

to the books?

it can be

if you like reading books then you can study it by reading

there's also tryhackme which has a path

in htb i know they specifically have a category with hashcat brute

never got to that yet but i know how to use hashcat generally so that isn't a problem yet

I got it to finally work, i mean john, but you might be right on that. I might need the basics first before i start messing with tools

you can get a clear path to what you should be learning here #👥・new-member-guide

but i shouldnt had made the password so hard. it still going at it.

well it depends on the password and your computer resources, something that's worth noting is that john uses both cpu and gpu power while hashcat uses gpu power

i got a 9750x amd cpu @eager knot . But its not like i made it impossible lol. its I@mn00b

but thank you @eager knot i will start with Linux Basics for Hackers

no problem!

hi my name ic nico im from sout africa i nee help my googel hows hack i nee help

If you think there is a issue with your Google account and you're still signed in to your account. Then refer to these methods

#👥・help-me message

And if you're locked out of your account by any chance... It's better to contact support

Can anyone recover a wallet.dat file? I forgot the password

You still have that file onto system you just forgot the password right?

Yes, I have private key too, but forgot the password

I just found a note-to-self email in my junk mail saying that I've been hacked.

It claims that I have Pegasus spyware on one of my devices.

I have Avast on my mobile.

You can import it into a new wallet... Maybe.. I think it's better for some else who use Cryptocurrency wallet answer cause I don't...

Sorry

import the private key into a new wallet

Umm that email itself kinda destroys the purpose of spyware and if it's saying they'll protect you from that shit and all don't fall

So how were they able to email me from my own account?

And I'm not replying to them.

In manage devices section see if their is a device logged in you don't recognize

Spoofing

No access to anything needed

Its a scam

That's also a way

Okay. I'll do some research. I did find this:
https://answers.microsoft.com/en-us/outlook_com/forum/all/scam-email-ive-been-hacked-email-sent-from-my/6346d618-b64c-4b18-9d9b-003019da8c35

Yeah just do what the support guy said about making sure, but i guarantee you its spoofing

Hi everyone, I am new to Linux, I have installed kali on my laptop but there is an issue. I am unable to connect it to my second monitor. The laptop is an MSI Katana and it has two graphics cards, an intel and an nvidia and the output is HDMI. I have tried running all sorts of commands like xandr which did nothing and tried installing the drivers for both graphic cards, but for some reason, the 2nd monitor will still not pop up in the settings manager -> display menu. Has anyone encountered this issue before?

Okay. I'll go through the steps. Thanks everybody for the advice 💡💯 usually I can spot these things, but the email address looks exactly the same so it threw me off... cortisol and adrenaline is at peak maximum 😬 I'll calm down and not freak out 🥺

you can try using the command lsusb to verify the seconds display is being registered by the system

You may also find it using screen -list

Try both connected, and disconnected, to make sure you identify the right monitor. Then come back with the results

thanks

hey guys...i need help ive been trying to configure whonix on kali virtualbox VM...and i doesnt connect to the gateway but whonix workstation does and ive tried everything including disabling all firewall rules on both machines but it aint working ...SOMEONE PLZ HELP😭🙏🏻

I don't have any knowledge about recovery, I don't want to risk loosing it, I'll send you the file if you can help 🤞🏻

Trying to find the owner of this ip adress 173189134143

We dont help with unethical or illegal activities

Hey I have a spare Rasberry pi left over from one of my school projects, I wanted to know of any useful projects I can do with my PI

which pi?

heavily depends

I have a usb encrypted with APFS can anybody help teach me to decrypt it as I forgot the password

Apple support

I can’t get the hash? I know most the password just forgot part of it

Explain to me the whole situation, im confused

So basicly I encrypted a usb on my Mac a year ago and when I created the password I left 3 hints as its 3 parts. I know parts 1 and 3 but not 2. I was wondering if it would be possibly to brute force the usb using Kali Linux and a password list generator?

i don't know about brute forcing 3rd party apps that are not related to web application
but you can try creating a python script that types in certain passwords from a wordlist each time

it should be relatively easy

Yeah that’s what I was thinking, only problem is my python skills are only at A level (uk education system) and iv run out of chat gpt uses for the day

i'll give you a library that you can use to automate clicks and typing, it's called pyautogui

thank you, should just be a case of finding something to create the world list then

you can also manually create it too

but yes you can also do that automatically

you can use cewl in kali linux

that's a tool i'd know that generates custom wordlist

based off of input i think

thank you fingers crossed it goes well

A girl friend got total acct info of couple but can’t withdraw off 100k help me…help me please

We do not hack accounts or retrieve them as it can be used for unethical or illegal purposes, aswell as the fact that it's impossible to prove its actually you. Refer to #1286135820008296509 #📜・rules

Hope this helps

Damn, when did do-do-not get blapped? 😆

That uhh.. kinda sounds like attempted theft when you phrase it like that?

Thank you Dazana. I’m a published author and was moving way too fast there. This is for fictional purposes, but thank you for bringing it to my attention. When I realized I had a resource for authentic material I shot off like a fully automatic rifle. I appreciate it, the last thing I want to do is misrepresent The Sect. I will stay aware of the fact that my actions reflect the group as a whole by my association moving forward. This type of guidance and the great examples of ethics and morals in a swift growing world is why I joined and respect The Sect and its members. Thank you again @desert torrent 🙏🏾

Well, that's a new response, fair play

I'd be cautious asking things like that in public though

And thank you too @halcyon flame. Won’t happen again guys.

My pen name is Ma$k Twain$, I’ve been published out of the University of North Texas’s Mayborn NonFiction Literary Conference contest twice if we have any readers in the house BTW.

If you're looking for insight, I'd just flat out ask, although I suppose you just got insight as to how ethical hacking communities react to such requests

#Facts

Now I have an alternate reality version of Neuromancer, where Case is a hopeless pleb running around the Sprawl asking for people to break ice for him in my head

🙄 what just went over my head

Burned by Prime Energy, Case - a Skid - crawls through the underbelly of society, all doors closed, seeking for regained access to their grandmothers Instagram account

Neuromancer by William Gibson, check it out 🙂 Excellent novel, and series of books

It's where the term "Cyberspace" was first coined IIRC

Ah, was in Burning Chrome the first appearance, another by Gibson

The term cyberspace first appeared in fiction in the 1980s in the work of cyberpunk science fiction author William Gibson, first in his 1982 short story "Burning Chrome" and later in his 1984 novel Neuromancer.[12] In the next few years, the word became prominently identified with online computer networks. The portion of Neuromancer cited in this respect is usually the following:[13]

Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding.

https://en.wikipedia.org/wiki/Neuromancer

It touches on fictional security in a futuristic world, but Gibson honestly got so much right

..but above all is a freakin amazing story

The film Johnny Mnemnic was based upon a story by the same name, included in Burning Chrome https://www.imdb.com/title/tt0113481

https://en.wikipedia.org/wiki/Johnny_Mnemonic

Ok, brain dump done 🤣

@halcyon flame I need you...

For?

I think there's smth wrong with the module in HTB Academy (cuz I got the correct creds but rpd says I cannot log in)

Please speak with support, I cannot help

oh okay

If you can't login, then the creds are not correct, or you are missing something else

Sorry I can't be of more help.

nah they are 1000% correct

its ok, thx for response

Note that it is like 0400 for a large portion of support staff, but they'll be back later in the day

just found out what was wrong (the creds were correct but one thing was misleading thats why I couldnt get it to work)

run app as admin . . .

Oh no

YEAAAA

Well.. well done figuring it out 😄

2hrs for this... i'm done for today

It happens

If you believe the module was at fault, please do feed back to us if you want

We do action it 🙂

I keep getting error processing package going 3 samba configure ?

i have cryptography challenge can anyone help me with it its regarding aes-cbc

How do I bold-text like this 😦

select the text and ctrl b

@halcyon flame Need some help regarding some responsible disclosure..

Sure, what's up?

Thx for response, hope you dont mind if we move convo to dms

@halcyon flame accept request plz.

Sorry, discuss here, I don't accept DMs from those I don't know.

Happy to discuss it here

Atleast guide me towards someone ethical and reputable LE personnel, if you dont mind.

Or if you could give a few minute on vc to me, thats also fine with me.

@halcyon flame

Responsible disclosure isn't that complicated of a subject, what's the problem?

@primal haven

Besides, the conversation may be useful to others wondering about the subject themselves

If you can't name names, then don't, but I am happy to give advice about the subject.

the topic revolves around backdoors

And?

Either spit it out or don't, makes no difference to me

respectfully sir, but whatif it affects me?

Thats why i ask, only if thats ok with others.

Surely you can put your question forward without identifying either yourself or the party it's impacting?

LE personnel?

What is LE?

law enforcement

What..

Surely you know how to contact your authorities?

Ok, whatever.. I'm here to give advice if you want to describe your concern, again without any identifying information

If not, then also fine, all the best

I've just been trying to help, but I can't help without knowing the question or concern

If you're concerned about sharing something here, and will only share in DM, then it's likely it may be against #📜・rules, or something you should not be sharing with a random person on Discord.

Just my 2p

Do you mind hoping on vc for a few minutes? I just want to talk, and gain insights from the industry experts, i hope a public vc is ok with you?

I'm afraid not, it's very late / early, and again I'd prefer speaking about it in text. If you don't want to speak about it here, that's fine, and I hope you find someone to speak with.

oh ok thanks man really apreciate that

ah yes i forgot to say my friend said there should be a study guide given to you since it was bit ago he doesnt remember well but his method was that he photocopied the stuff he wasnt too confident on and uploaded them to a tool called koodo reader which gave him a upper hand on understanding and highlighting and taking notes

Hypothetically speaking, what to do if you find yourself in this sort of situation..

https://arstechnica.com/security/2025/02/android-0-day-sold-by-cellebrite-exploited-to-hack-serbian-students-phone/

You deal with it

start learning opsec

and reset ur devices

then be cautious from then on

Thats a vague, obv solution, however I mean to ask the question in a serious manner.

@maiden charm give a look inside #

#1308074801532899440 #1308074801532899440 #💬・vulnerabilities-and-exploits

i need some help

I've had an IP address logg in to multiple accounts on my phone. Trying to find out who it is, can I do that in here? 173189134143

we can't help you identify the person, however you can use tools like ip lookup to see where the address is being provided from

I want to learn how to hack

I am only a beginner

#👥・new-member-guide

opsec

j answered seriously too

Can you teach me how to hack

I'm at my computer

i gave you resources to study dude #👥・new-member-guide

take a look at that channel

Ok

How can I make money ?

by having a job

Job

HAHAHA

nice timing

lol .

You’re right

How do I steal money

Through cyber security

Too said I have a broken femur so no working for next 9 months

Work from home

you don't. That's illegal and unethical

But that's what hackers do they steal your credentials

Yeah

We're not teaching you how to be a cybercriminal

Too young to do that . And I got school

Neither do we wanna be liable for your shit

And that's that's what I would like to learn

No excuse!! I got a network pentesting job by 17

Started as an intern by 16

how old are you

Me

How do i apply

yes

18

Learn and grt the skillsets first

And were not teaching u cybercrimes

i heavily suggest you not

Especially don't wanna be liable for teaching someone who'll deffo get caught

regardless of age

but i feel like at 18 you carry more responsibility with your action

Age doesn't matter it's just a number

and a jailcell is just a room

But just because I'm 18 doesn't mean that I would not do it

bro?

Bra

Well we're not teaching you either way.

if you do it you'll have a free ticket to jail

I'm glad you admit to cybercrimes so easily

We're not gonna be liable for when u get caugjt

Thus we won't teach

Also have some morals

Will you?

I want to hack the scammers computer

And I won't get caught

ok

right

cuz you'll what, use nordvpn?

Hahahhahahahahhaha

#rules

#dontfollow

Can I use any disc

This is crazy works....

#💬・old-gen-chat message

Anydesk

#💬・old-gen-chat message

Can I use it

#💬・old-gen-chat message

#💬・old-gen-chat message

Buahahhaha

😂

I hate this variation of bro 😭

😂😂😂

how dude,

Vro it's not even that deep, just think about it cro

Cmon jro

Hi does anyone know how to setup android emulator and run adb commands in kali ?

You mean Kali nethunter?

kali linux

I was trying to setup android studio inside kali linux

Ooh

was that a bad idea?

i just googled what nethunter is
didn't know it before

i thought you meant running kali on a phone

my bad

no worries

you can help?

I have windows 11,
I am having problems setting up hardware virtualization when I try to use sdk manager,
so I tried using a ARM based system image instead of x86_64

but then android studio gave the error that
can not run arm system when host is x86_64 🫠

then I tried using qenu something

I did research for you

    2.    Open Task Manager → Performance Tab, check if Virtualization says “Enabled”.
    3.    If it’s off, reboot into BIOS and flip the switch for virtualization tech.
    4.    Back in Windows, make sure Hyper-V, Windows Hypervisor Platform, and Virtual Machine Platform are either all ON or all OFF depending on whether you’re using the built-in Android emulator or something like WSL2.

I have a request I have a 3.7V to 12V converter, Batteries, USB C port Small ON-OFF type button and batteries how to put it all together to work with CYD I have a version with USB C and micro port? the goal is to add a battery to the device thank you for your help because I am a beginner user

1. There was no option to enable virtualization in my kali linux vmware
2. Yes, I checked it says "Enabled"
4. They were all ON by default, still I tried disabling Hyper-V, Windows Hypervisor PLatform, and Virtual Machine Platform, then restarted and ran VM ware, then I got the error seen in the image below.

Thanks for helping me out though. It really matters to me.

and ig the server doesn't allow newbies to upload image I assume?

You're trying to install Android studio on windows 11 and it's saying that the Architecture is not supported Am I getting it right

Is there anyone have an idea on how to retrieve a wifi password cause i has been hack, im just a student just recently learn coding right now so i have no idea about hacking

Nana I have installed android studio inside kali Linux vm

check the router of the wifi

And then?

then you input it

the password is writtein on the back usually

And then reset tha router?

why owuld u wanna reset the router

Because its being change tho

https://tenor.com/view/eating-onion-bunny-cute-eat-gif-5516830027459385151

??

wdym

maybe he thinks someone hacked his router

@supple grail @eager knot offtopic but holy shit i just scanned a skid's "black hat expert" website which has minimal entries and i got returned 119 lines of response with like 15 open ports including SSH, anonymouse ftp, smtp and unauthorized + outdated SQL

LOLL

https://imgur.com/a/a3vhW99 https://imgur.com/a/3slN1up

his website is so easily hackable yet he pays for his own domain

Im really have no idea what going on on my wifi i think its broken

then factory reset it or contact support

thats crazy, i dont know what half of that means but when i see 15 open ports i understand that its bad

so

smtp is an email serivce

i can use his server to send out phishing or malicious emails

or just create my own

i know SSH is secure shell

with his own domain

then sql is a database, unauthorized means literally anyone can connect

i can just wipe his database

entirely

where does one obtain this knowledge

huh wdym

knowledge of being able to secure a website so well 😭

no like the typa stuff you know

oh i barely know stuff abt websites

im mostly into network pentesting

neither do i 😭

but llike i just did some ctfs on hackthebox

hm

@supple grail i have access to his ftp

should i upload like a txt file

write sometihng to let him knoiw

https://tenor.com/view/dozing-sleep-nodding-gif-11362274

file transfer protocol

basically access to the file storage of the server

My discord crashed on laptop

Something like "why is your front door open?"

I don't understand how you can even like get access to ftp

So these my be 😲 the best action should i do in my wifi right now thank you bro

1 command

ftp <ip address>

Oh

Wait you don't need a password?

not if he doesnt set it....

...he didnt set it

hmm lets see

the sql

database

Wow, what a genius person

lmao

this looks too good to be real

is it a honeypot

no hes an actual kid on this server

who is it?

;#

Not always, depends if a password was set by the person 🤷‍♂️

i dmed him i got a

competely legal

opportunity

to install a reverse shell on his system

waiting for reply

Cool

Shessh

hm

i shall leave

a message ;3

brb 2 mins

did you just do something like nmap -sS <ip> to scan the site?

or was it something more complex

-A

Can i learn i little from you bro @spiral notch 😁

most aggressive option in nmap

oh

so he didnt even have a firewall

no

https://tenor.com/view/hamster-flip-hamster-huhahaha-slow-mo-hamster-scared-silly-gif-2425839548474109374

im not good at this lol

its rather how bad he is

also im a bad teacher

hm i should consider getting a whonix system fr

Umm vms aren't ideal to run Android studio.... Otherwise you'll require a nested virtualization... It would consume resources then Android studio itself consume resources not a good idea if you ask me

either way this isnt any cyber attack or anything @brisk spoke