this discord is amazing and I’ll learn

feel free to pm

start with python use basic anomaly detection read about insider threat patterns use sample log data build simple detection logic use matplotlib or streamlit to visualize

check research journals like jmirmhealth or pubmed for experts connect on linkedin or researchgate look for authors in recent ehealth publications they often share insights and contact details

check out organizations like himss which offers resources and networking in health it also explore courses on coursera or edx about digital health and health informatics

check contents of zip and bak files test php files in browser fuzz parameters look for upload pages or lfi vulnerabilities

Damn. I got ignored

mount iso use rufus or wintousb set up windows on ssd reboot and select ssd as boot drive

Repost

I'm running linux on my primary so I don't have Rufus

It sounds like you think I can do it though. So that's good

@desert torrent you can use tools like woeusb or ventoy on linux to create a bootable windows installer then install it directly to the ssd just make sure to select the correct target drive during setup

Hi all i've been added in this channel for a long time ago i guess but i never be active on this channel

I've been worked under a sector called BPO where I help customer's problems to be resolve and basically troubleshooting
I want to swtich over my carreer to cyber sec I have my udemy access and I have a basic knowledge of what is this domain and how this works, I just want help people please help me I have interest in cyber sec but don't know where to start and i by AI suggestion I have started with OSINT basics, I do have a confusion whether i be in red or blue team and which side do i want to take to upscale my career path so kindly do suggest some course as well as some youtube videos to clearly know which side do I want to take
Note: I have just installed kali using virtual box is that okay for learning or do I need to dual boot my machine to use full capable of my machine, I know that linux will run on lower config but I need a suggession Kindly please help me if anyone mentor me It really helps me to pursue.

#👥・new-member-guide

Pick what you like (red or blue teaming)

Kali on virtual box is fine

Nd also you don't have to tell where you live etcc , maybe delete that part

Take your time explore both paths and you'll naturally gravitate toward what you enjoy most

Thank you so much for the reply

do you guys know any active forums where can I discuss with the members about this?

Here

69k peeps here

Hey guys as u may or may not knwo empress's qracks dont work on the newest win 11 so im trying to dual boot win 10
is there a easy way to dual boot without a usb (no vms)

hello! i take part in hackathon and there is task to create an APT detection system and insider threat detection system! this is my first hackathon and i need help
can anyone help me out!

hey guys i has a rasberry pi how can i use it on my main pc like a virtual viewer + input

How can people get your ip without pressing on a link

Peer-to-Peer Connections: When using peer-to-peer applications (like torrent clients), your IP address is shared with other peers in the network. This can expose your IP address to anyone you are connected to in the P2P network.
Online Games: Many online multiplayers and games can expose your IP address to other players, especially in games where players connect directly to each other (P2P) instead of through a centralized server.
VoIP Services: Using services like Skype or similar allows users to view each other's IP addresses during calls if not properly configured or secured.

Chat Applications: Some chat applications, especially those that use direct connections between users instead of routing messages through a server, can expose your IP address.
Web Server Requests: If you join a live chat or forum that requires your IP for login or participation, administrators of that system can see your IP address.
Malicious Software (Malware): If someone manages to install malware on your computer (e.g., through a Trojan), they can access a lot of information about your system, including your IP address.

Social Engineering: Sometimes, an individual might trick you into revealing your IP address by asking you to perform a network task that inadvertently exposes your IP.
Network Scanning Tools: If someone is on the same network as you (e.g., public Wi-Fi), they can use network scanning tools to potentially discover your device's IP address.
Embedded Technologies: Some IoT devices may expose your IP through their monitoring interfaces or APIs without traditional links being involved.

a bit long msg but thats known methods used

Can u tell me

thats what my msg is about

: )

What’s peer to peer

Can u get it from

It's a connection

PlayStation I’d

Imagine you're at a party chatting with friends. If you tell them your name, they know who you are. In the same way, when you connect to someone in a P2P network, they can see your IP address, which is like your "name" on the internet.

Some apps games or networks use it

So, peer-to-peer connections let computers talk directly to each other.

like can some one get it from PlayStation

I’d

if their ps is jailbroken and you invite them into a private party hosted by you maybe

im not sure about this

short answer yes its doable

Wtym ps it jail broken

wait

Ok

How long

Hi everyone. Please I need help to search for relatives of someone I know

No grabify

Right

How Can a Jailbroken PlayStation Expose Your IP Address?
Running Unofficial Software: Jailbroken consoles can run third-party apps that might have the ability to access network information, including your IP address. This could be software designed to track or exploit users.
Security Vulnerabilities: Jailbroken systems tend to be less secure because they bypass built-in protections. If someone installs malicious software, it could gather and send your IP address to someone else without your knowledge.
Network Tools: Some developers create tools for jailbroken consoles that can scan for other devices on the same network. If someone uses such a tool, they could potentially find your IP address among others connected to that network.

nope

scary right

but yeah ps aint that secure if your truly worried about ppl finding your ip with ps i can only recommend buying a vpn supported router for your ps

K

Ty

pleasure

use a tool like easybcd to set up dual boot or mount the windows 10 iso directly from your current system and run the setup from there choose a different partition to install on and it will create a dual boot menu automatically

start with logging system activity use zeek or osquery detect unusual behavior focus on user actions and network traffic try simple rules or python scripts for detection

Oh.. was about to speak, but then saw no vms

install vnc viewer on pi enable vnc on pc connect using ip address control pc from pi easily

thank you for you help! but i don't know how to do it practical

i am complete beginner and got this project

start by installing zeek or osquery on a test system follow beginner tutorials on youtube or official docs use virtual machines to simulate activity watch how logs are generated then try writing simple rules to detect weird behavior like logins at odd hours or data exfiltration

I‘m back with news, my IT teacher installed kali now as a live boot and it worked but ran slow because of 4gb of memory. The day before yesterday I ordered me 2 8gb memory chips and installed them yesterday

How do I install Linux

first download the iso of a distro like ubuntu or linux mint then use a tool like balena etcher or rufus to create a bootable usb stick insert the usb into your computer and restart it boot into the usb by pressing a key like f12 or esc during startup then follow the on screen instructions to install linux

Ok Ty

thank you! can you provide me the system/source code with that i am going to learn and then apply within my system

Hey anyone else participated in aicte hackathon that is going on right now?? The pentath is the name I guess

Hello. Did ýou have a cyber security/flipperzero lobby or no longer?

can nginx proxy mTLS traffic and https traffic while listening on the same port? Or do I need to listen on 2 different ports?

Uhhhhm, don't quote me, but I don't think it's possible with the same port

Curious question though, as to whether it is possible through other means

For the same domain, or different?

Wonder if the verification would be applied after accepting the connection and going through selection of vhost

Don't see why that wouldn't work, it's how you configure edges for some cdns, multiple domains, each with client cert verification enable to verify origin

Hey

Does anyone know a tool to discover the email behind a Twitch account?

No @abstract beacon #📜・rules

Firstly, that is not possible

Secondly, it is not ethical

Oh sorry

It was to recover a friends account but i see the problem

thks btw

Reach out to Twitch support, they are the only ones who can help you

Anyone offering services to aid in recovery are just out to scam you

He tries already but they dont seem to care at all

Yeah, looks like it's possible if you are talking about multiple domains

That's unfortunate 😦

Yep

Thks

I saw that the opsec channel is deleted and so is all guides on there. How do i create a fake identity so my real one isnt found?

Use your common sense so as to not reveal your real identity online

Creating a fake identity will just drive you mad trying to separate one from the other

If you're set on creating an alternate identity, then it's as simple as telling a story. If you mean how do you create an identity in a legal fashion, that would be illegal #📜・rules @chilly merlin

i think srhoe made an instagram reel about this once

Huhm, surprising

Attempting to create a fake legal identity is tantamount to fraud, and can be charged as such

Not that

Jus online

But stories are easy to see trough

Then if you really want to go that far, just make it up

Well, that's all an identity is

A story

I think OperatorBlood had talked about this

You should leave small red herrings

For anyone trying to get you

Why are you so worried?

If you want to separate your real life from your online life, just be sensible when speaking, and don't share personal details

Anything else is just common sense with extra steps

2 hackers actively chasing me after exposing their operations :D

Thats why i am worried

Then why ask this info here you may ask

That i cant say

I don't think my answer changes much after hearing that tbh

Sounds like a good way to turn in to a very paranoid individual

Best of luck 🙂

Thanks

#🎥・srhoe-videos message

lol

Oh thank you good sir

no problem

https://tenor.com/view/scream-cat-loud-angry-gif-26168455

Ok fair, but why would you need like a fake ssn, credit card, address etc

You gonna go plaster your new identity everywhere?

It just doesn't make sense

yeah thats just like

Don’t sound to smart to me

https://tenor.com/view/i-don't-know-idk-idk-about-that-gif-7336250873949261946

mmhm

Lmao spreading your stuff around so fast

If I had people on my tail, and my identity was not exposed.. I'd just ignore them

Don't post personal information

Common. Sense.

I have a feeling they are the bad guy

Simple as that especially if you know it can hold you up if someone finds it

Some people unfortunately do not have that luxury haha

💀

But if you're currently safe, you can stay safe.. by not doing a damn thing

.

Don’t take a rocket scientist to not have common sense and not share you’re sensitive info

yeah why move when you can just stay still

if they cant find you right now they wont find you

I mean if the person slips up then yea

DM me all your queries

Hi, I'm interested in Cybersecurity/Hacking I want to start somewhere, where should I start?

welcome to the server, i really recommend checking #👥・new-member-guide out

Thanks

no problem

if you ever have questions feel free to ask

has anyone worked on sof-elk before?
if yes, can they help me out a bit

What are you stuck on?

can some1 learn hacking on mobile?

like does it work

it can be done but it's a very limited option, since the env comfort is almost none existent
that's why most people that learn cybersecurity learn it through laptops or desk pcs

it's doable, try it and see if it works for you
if not i recommend just getting a computer to start up with

thinkpad specifically can be a good choice

you can install kali linux on your android phone through kali nethunter. Ive used it alot for pentesting environments and its good for on-site testing on the go. Its best to use a rooted android device. But computers are still essential of cybersecurity so i’d also recommend thinkpad too.

ty both for replying

Can anyone help me test penetrating apache 2.4.18?

Hlo guys is it possible to connect to the A PC to another PC

yes you can learn how to use RDP (Remote Desktop Protocol) so you can research how you do that, or another option is SSH (Secure Shell) through a command line interface which allows you to securely connect to a computer remotely. If you're using windows 11 I dont recommend using their built-in RDP since they are planning to remove it soon

I'm trying to penetrate old apache. I'm a newbie in cybersecurity. There are plenty of vulnerabilities in old apache and i want to test it.

Okay let me try it

It's working

nice 👍 what you are doing to connect to a pc for?

wait what, why are they removing it

how am i supposed to connect to the school servers now 💔

They are ending support for it i guess since its they are parts of it that are incompatible with win 11

Just some work I'm trying to do on my other PC

my school uses windows server that you can connect through with rdp

https://www.windowscentral.com/software-apps/windows-11/say-goodbye-to-microsofts-remote-desktop-app-and-get-ready-to-move-to-the-windows-app

the IT would have to open the uh

ssh port right?

or are they going to just replace it with something

yes port 22

your school IT allows you to connect to their network thru ssh?

not yet

i havent really tried either

they would have to allow port 22 on their firewall so you can connect to it

but idk why they would do that

allow me to test it out

Another thing how can i connect to any wifi with out password

you dont

you cant

Okay

best luck is using public wifi 👍

but i dont trust them lol

Me 2

They are slow

Use something like Metasploitable 2 or Docker with an old Apache setup.

oh hell nawww

itsa joke lol

you

ask for it

nicely

yeah if you ask super nicely it will work

just say the magic words

They've told me it's impossible

"connect pretty please"

maybe if the wifi is using WPS you have a slight chance of cracking it

what is

but we wont help you with that cause its unethical

#📜・rules

theres no legal way to get access to a network

without the password

unless you have a full written declaration of permission ;3

yeah you cant really get away from legally obtaining a password with no permission

Okay

and if you do , it all tracks to you

the logs shall cook you

that part is debatable

most wifi pw cracking is done offline

(as ironic as it sounds)

like with john the ripper or something?

no

the way it works is you capture the handshake

oh right

and then byretfirce ut

bruteforce it

which takes a hella long time

you have most luck with a wordlist

i always tell people

the most secure part of a network

is the password before u can connect to it

after that everything becomes so exploitable and vulnerable

you def need a good gpu if the password is secure enough lol

https://tenor.com/view/fire-writing-gif-2088247993237804628

theres a lot of ways to log or set up honeypots, - less ways to prevent it tho

regarding how much time you can crack it, the amount of resources it uses during the process

yeah

exaclty

so its easiest to just go to a device thats connected to it

and fetch the pw manually

yeah theres a way in windows cmd to obtain the pw, but sometimes its also patched depending the IT

i forgot the command

all they need to make a device rly hard to penetrate is to blacklist cmd

and not allow access to it

(in addition to other gpc configs)

is this enough info to ask or specific enough? it's for a bug bounty

I am very interested in participating, but I have a few questions I was unable to find answers to in the provided information:

1. Is there a disclosure agreement or contract I need to sign, considering the possibility of encountering sensitive data or security exploits?
2. While there is a list of vulnerabilities that are out of scope, is there a list of what is allowed to be tested? For example, are zero-day vulnerabilities within scope?
3. As a student currently studying cybersecurity, could you please clarify what is meant by P1–P4 report classifications?
4. Will any identifying information, such as IP addresses, be logged or recorded during testing?
5. Is there a specific testing window or time limit for participating in the program (e.g., a one-week duration)?
6. Are there legal safe harbor provisions in place?
7. Are there specific reporting guidelines or formats we should follow when submitting vulnerabilities?
8. Is permission required for automated scanning or fuzzing tools?
   for example nmap?
   Thank you for your time and assistance. I look forward to your response.
   Best regards,

I can not view my log data on kibana dashboard

Hi

kind of, i guess it just looks a bit more generic since some are obvious but i've never messed around bug bounty so i don't really know about the 8th question; since it needs to be more specific (aka asking for the frequency of the scans, asking for certain server or machine specs to not cause any inconvenient errors)
other than that it looks good so far

Does some one know how to spoof your ip ??

I want the theory

It sounds like you already know the theory behind it

vpn?

or what are u exactly asking

ip jump

Maby some tools 😂😂

@spiral notch

VPN is the best option and if you want a reliable vpn use PIA

Is it a dynamic vpn

Most of it is on the website it’s just missing some info like what is allowed to test on considering sometimes companies don’t want to have you use certain exploits that might trip rate limiting or something alike

ohh i see, if it's usually there then your questions seem of value

They listed some things like some test the rate limiting etc but they don’t specify it

Like they don’t specify which tools I can or can’t use

I mean for all I know nmap could rate limiting

So that’s why I’m asking or if I do a recon I could trip a rate limit

make sure logstash is running and properly parsing your logs also check if elasticsearch is indexing the data without errors try restarting the services then go to kibana and refresh the index patterns in settings if still no data appears check the logstash and elasticsearch logs for issues

Id suggest mullvad

Been using wihtout a problem for a long time

Also cheap (5 euro)

Monthly 5 euros btw unlike the other services that sell 2 years at once

I think I have been scammed

Someone who I thought was a friend got me to setup a crypto trading acct

https://globalsharesfund.pro/trade/account_details.php

Someone sent me this email Dear customer
Your account has been credited with the sum of $92
But unfortunately due to our current upgrade as from Jan. 18, 2024. You can only be able to start trading on your Mini account with the minimum start up amount of $250 USD.
You're therefore require to meet up with the sum of $158 USD before your trade can proceed. Note.. the $92 you've deposit will earn you $1,900... The $158 ask you to deposit before trade can proceed will earn you $3,800 ok.
For more info, contact support Thanks for trading with us.

From this email address posing as you globalsharesfundpro@gmail.com

They got me to give them my secure details

Please help

💀

My wife and family need our accounts secured and our money back

Please help!!!

I was trying to scan a website yesterday and my tor service seems to not working, i check the /etc/proxychains.conf and everything seems normal, but when i use it to ping google..it didn't respond..

I did turn it on the service..and also tried to ping without tor..and it work..

But when i use the service..it loading..

I use socks4 127.0.0.1 9050 for the proxy..

I also use dynamic..

Try something like

proxychains ping google.com

@barren dome

I did..

Its not working..

Ooohh

It didn't give any data..

Tor service running

I also tried to use --tor on commix tools, and its not working..

It is running..

I restart it like 5 Times..

Is curl working?

Yes..

Proxychains curl www.google.com

It give a reply..

Then don't worry

But i can't use it for scanning..

For some reason it didn't give a respond..

What tool you using ?

Commix..

Automation command injection tools..

Some tools don't respect proxychains...

I tried to use both the --tor and proxychains..it didn't work..

The tor flag is also didn't work..

I suspect something is wrong with the tor service..

Yeah commix don't support tor

Nope

It is?

Let me give you a proof

Well..if that the case..can you give me an alternative?

Its really risky using it without tor network..

Nvm chatgpt saying it could work if configured manually ... I'm so sorry I wasted your time I don't know the issue now

Damn..

Okay then..that fine..

I thought it won't support tor..

Thank for the suggestion..

I knew it from somewhere

Me to..

Well..its just like sqlmap..

But for command injection..

That why i doubt it didn't support tor..because the sqlmap does support it..

Thanks btw..

Tho u can use Xattacker try it...

What that?

Alternative to commix

Lemme see the github page..

Did some reach just now so I did not use personally tell me how it truned out

I see..

I forgot the pin to my email and I can’t download anything that changes my device the pin for my email

💀

create a new account

really dumb question: I cannot go past the install base system process while installing kali linux on my usb drive. Can anyone help me? While partitioning the disk I choose partition whole disk.

I did

It did. nothing

You're tryong to live boot?

yeah

okay so if you are trying to liveboot you need to get the kali live iso file instead of the installer

I also watched yt tuts but it doesnt seem to help

ohhhh

damnn im dumb

thanky ou tho

its okay

i made the same mistake once

Test.

error 500

@solar jewel can you see this channel?

giugiuuuuu.

@gentle bloom can you see this?

@jade silo can you see this?

@flint cape can you see this

yup

this is where i can ask ask for help or information?

Can you bio.

change*

sorry i don't understand

done n done, sorry i haven't used this account in a while

?

yup

or at #💬・old-gen-chat or respected channels

thanks, im new to coding, I did my first print command on java earlier, what does the ln in println stand for

it just means line

thanks

Did your problem solved? (I'm curious sorry)

Anyone able to help me rq

I got a friend who got his account taken by someone who token logged him. Any way to get it back?

reporting account being hacked and using customer support

your friend should change all passwords enable 2fa

Discord support goofy when it comes to this stuff

He needs to get back into his account first tho

well, how did your friend get into a situation where his session token is being stolen?

but it's the only legit way to recover the account if he still has access to the email tied to the account he should try resetting the password asap if the token logger changed the email too then yeah it's gonna be harder only support can help at that point

Hello everyone I need your help…want some ideas for my capstone project for university suggest me some in security and cloud

Please 🥺🥺🥺🥺

Helloo

hey guys

can anyone help me

Hey

You new here right

My instagram acc

What happen??

So I bought a new mobile and I forgot to delete my two factors authentication completely from the old mobile .Also I got my new mobile as a replacement for the old one ,so now I can't login into my account cuz of that as I don't have any access to the codes and I forgot my security code too.Moreover I don't have any photos of myself on my account so instagram wasn't helpful too

Gotta work with support. There's no way to get that back if it's bolted behind MFA and you don't have backup recovery codes unless you go through support.

I also need help

Ok I know this is kinda weird and but I kinda have an emergency, I’m a kid and my parents are going to plug my phone into their laptop to install bark, it’s gonna to scan all my DELETED messages in iMessage and I can’t using any settings cause of screen time do yall know any single way I can wipe everything, it happens in almost a hour.

factory reset 🤷‍♂️

Can’t logout cause of iCloud and can’t factory reset cause I need the screen time code

Yeah you need to use all the old storage used

A few times

Try to fill your phone storage with junk and delete it all

Don't install viruses tho

How do I delete it

I installed a app named malwarebytes to scan my phone cuz yesterday my ig acc was hacked i tought i have a malware or spyware on my phone the app didnt find anythig but then i scanned my main email and it said it was leaked somewhere i dont rlly know what are those apps but it says it was leaked on: LummaC2 stealer 2024, mixed combolist 2025; chucky mixed combolist 2025; alien txtbase mixed part 3 (and part 1 & 2) 2025. I asked chatGPT and told me to make a factory reset but i dont rlly want that is there any way i can fix it?

I’ve tried several times but she never lets me keep it

Yeah he does

Is there a way I can plug my phone into my computer and wipe everything

@supple grail

How do I get access to the folders im on iOS

Isn't there anyway I can get my account back through hacking ?

We will not hack accounts because it's unethical, please read the #📜・rules

Lays chips is wild work

Can someone help me?

Can i do it without factory reset?

Btw you know what are those apps? (LummaC2, mixed combolist, etc?)

No

They're data dumps from breaches. Your email is just in the open like most people. Change passwords for accounts and turn on MFA. That's my advice

Lumma is potentially due to malware. Did you ever paste anything into cmd or RUN for a CAPTCHA?

Well im on phone so i dont have cmd

Get a 2nd phone with prepaid minutes for anything you want privacy on. Ur phone ur minutes if they take it then it's theft.

I'm talking on PC. Those email scans are for the lifetime you have had the email

Any time a company got hacked and u had an account with them it'll be on that list

Oh yeah mmm no, i dont remember all comands i run on cmd was for fun or scan

But it can be this

Idk

Yea email account scans are 99% related to data breaches

They're good to know about but best you can do is use a password manager so no accounts share the same passwords and enable MFA on everything

And change all my passwords?

If you're going to do that use a password manager and have it make random passwords for you. Bitwarden is my personal recommendation

Use 1 super strong password for it and never use it anywhere else. Enable MFA for it as well

I use google passwords but ill change it if u think is better

I don't recommend using browser ones since the sync can be abused easily and exported to plaintext

Local hosted?

Thanks so i need just to change my password enable MFA and change my password manager im done, right?

Without any factory reset

I use cloud since bit has no backup recovery capabilities unless you use your own keys

So it's private

Yea Mobile malware is usually APK based not impossible to exist persistently outside of an app but most are apks

So uninstall any that are shady

Ok, tysm

No only you do bit destroys their copies after vault creation

https://bitwarden.com/help/bitwarden-security-white-paper/
Open source for all parts of their product

Plus they offer onprem so

You don't need to use their cloud

Ya I whole heartedly support them

Hello I need help

I wanna start codeing but I'm on mobile and I was just wondering if there's anyway to code on mobile?

@dapper bough nobody goin to jail for you..

Check out Replit or another IDE for mobile

Oh ok ill try thanks guys

I have started learning python recently and I want to know what is the best way to remember all the concepts(terminology and functions).

Notes write things down keep doing it and overall you’ll remember the concept of the things you’re working on

Once you get used to something you’ll be flying through it and you will be thinking back like damn I couldn’t do shit

https://obsidian.md is an amazing app for note taking that u can use too

Thanks for the reply. What Youtube channel would you recommend to learn python?

https://youtube.com/@networkchuck?si=Bh52dlD1_xJkkBED

https://youtube.com/@programmingwithmosh?si=bPdHWxOEW8jWMezR

Thanks

https://www.learnpython.org/

👀

assuming consistent demand what cybsec positions are the most lucrative?

dont get me wrong I've got passion for the field im just curious as to what route i should take

havent really narrowed in on anything yet

so i'll let money decide

Rip

https://tenor.com/view/kung-fu-panda-inner-peace-meditating-meditation-gif-16027577794040375305

💀 💀

blue teaming in that sense

which is referring to the ability to protect services

what's important is that at the end of the day you'll also be able to enjoy what you do

so make sure to base your choices around that as well and you should be all good and set to go

hello im new to here im looking for flipper zero helper

Their documentation is pretty decent @steel pendant - maybe state what you're struggling with specifically

thanks for replying im actually new to this i dont know anything and i got one so basically i saw this video on tiktok that said that this page had lots of people who help in a lot of field

hey, im doing the overthewire game, how do i use ls to find files with spaces?

it is \

after each word

Yup, or find and wrap in quotes in the fname parameter

any flipper zero guide here

well, idk the rest of the file name

Then use the find command with the iname parameter with glob patterns

no?

Huh?

wait, where did that message go? no i dont know how to list hidden files

uhhh

it is ls -la

👆

im like a beginner begiunner

man ls

Read the manuals too 🙂

you can watch yt tutorial

This is stated on the first challenge page too

First, if you know a command, but don’t know how to use it, try the manual (man page) by entering man <command>. For example, man ls to learn about the “ls” command. The “man” command also has a manual, try it! When using man, press q to quit (you can also use / and n and N to search).

The manuals for commands in Linux are generally very detailed

Sorry @steel pendant - I don't accept DMs from those I don't know

There are plenty of guides out there if you Google for something as simple as "flipper tutorial"

All good @outer path @steel pendant ?

ok thanks for your advise

Yo guys, I was gonna play a Megaman Fan Game, but when scanning the file, virustotal says is a trojan, but only one of all the antivirus say so, in this cases should I open it or no? I don't know if it might be a false positive tbh
https://www.virustotal.com/gui/file/513b7d0c0fc3e32f33f56e76394603a2dc5dc7e2f817465a9dea1bd0aae397d7?nocache=1

That is the link to the results

Only 1 out of 70 says is malicious

If it's not signed (although that doesn't mean much these days), and has any hits on VT, I'd steer clear, or at the least run it in a VM.

It's likely a false positive, but it's better to be safe than sorry

yee

its a heuristic detection

lol

@sudden mirage this is not the place for the kind of question you posted. Please read #📜・rules

Hi guys, im new here, I participated in a CTF and I felt very motivated to learn CyberSecurity, if you should start over, what would be your first steps?
Next year im finishing the Bachelor's Degree in Computer Science 🙂

okay so since you do computer science you already know how to code so that's good, me personally I would check #👥・new-member-guide out, there are a bunch of great things in there

I recommend starting with the basics like understanding networking and the protocols

Tryhackme is a great place to start all over, reading books is also good

It's normal that it takes a while to actually learn useful stuff but don't skip the basics, it's like wanting to take your dog for a walk in the park but you don't have a dog

What does being signed means?

I'm new to cyber field and i've been in development from 4 to 5 years now. I need a roadmap to start my career in cyber security.

Check out the content in #👥・new-member-guide 🙂

Loads of resources there to read over and get your teeth in to

Thanks. Appreciate it.

yo guys im making a website that send data like the player score to my backend server
but a cheater could see the request in the network inspector and redoo them so i added a hmac hash key signature but the key is in the code how could i hide it ?

Hmac encryption shouldn't be bad but, i think it is possible to bypass if the encryption is first done on the client side

the key pair need to change every request else the hacker could just redoo the same request he saw and just add score

One could inspect the traffic before the encryption takes place, manipulate the packet and send it in

I had a game i was inspecting once work like that

yea i moved the hmac signature in the backend but now the hacker could just call the backend server api/signature and the backend will do a working signature and submit fake score

what do you mean "inspect" ?

Sniff the packets, the headers or any data related to the requests

Who can help me with my Efootball purchase. It has written “unable to purchase” because I’ve reached maximum number of allowed purchases

so there kinda no way to fix this issue

There might be, but i am just unaware of one

i see thx anyways i will search an answer

Key will be in the code... That code should not be exposed tho... Like it should be in hidden pages and properly obstructed

Like not having the program on front end but on backend

the HMAC key is on the server, but the problem arises because the hacker can still call API endpoint (e.g., /api/getsignature) directly. They can use a network inspector to see the request, capture the valid signature, and then use that signature to call the /api/givescore endpoint with a fake score.

Even though the signature is generated server-side, if the hacker can get access to the signature creation API, they can essentially reuse the same process to generate valid signatures and forge their own requests with cheated data

I'm pretty sure we make avoid making api/getsignature public...

Can't we?

i dont know but as i see every single api call can be saw in inspector network tab

goodmorning guyss !!

@supple grail @eager knot finally waking up 5 hours after my usual time

hiiii

I can get my sweet sweet sleep

uhh this the help channel

Oh

Omg

but good morning

I haven't woken up enough

OH THEY

MOVED IT

🔥

How are you feeling?

Oops

HAHAHA

amazing, always amazing

does anybody know osint

alot of people here know osint tools, what do you specifically need?

someone called me from aus and texted me i want to know the information of that person

like can u do reverse phone number

oh, we don't do that over here, it's unethical
#📜・rules

but if you are worried, you can report that number as spam or block it

but we are just looking up its unethical?

it's ok to look up the phone number if you're trying to figure out if it's blacklisted somewhere or reported

but other than that if your intentions are to find out who stands behind it

it's unethical

that's all you would really need btw

yea i want to know only that

i think my phone no is breached

is there any way to remove it from internet

as for removal it's impossible, but it doesn't cost alot to change the number

or is there anyway i can lookup that where my no was breached

osint tools mostly provide info on whether your phone was breached. not where it was breached

thats sad

can u suggest ne any tools to reverse lookup phone no

to find hte owner of the phone numbeR?

the*

yeah

most of the site requires $

i want a free no login site

youve already proved youll use it or trying to use it unethically

theres none that we can or will provide you

please read the #📜・rules

bro 💀

alright

Is kali linux on android better rooted or rootless

kali linux on android aka nethunter is not that good overall for the phone

as disso said its not good overall however it is better rooted !!

rooted but increases risk aswell of your own security

better to use on old devices

how do i know if mine is rootless or rooted

if you bought it and havent modified anything

like unlocked the bootloader and or other firmware modifications

if you're using kali linux via nethunter or termux you can check if your device is rooted by typing su in terminal

if it gives you a root shell (eg prompt changes to #), it’s rooted

if it says command not found or access denied, it’s rootless

if u havent done thsose then its not rooted

Hello can someone help me install the drivers for antenna Alfa AWUSO36ACS on Kali Linux??

are you using a VM?

https://tenor.com/view/bih-please-gif-7953510298892076313

no

So nobody knows???

It's a specific hardware. Does the vendor not have driver install instructions for Linux? Could be no one had used that hardware before

https://docs.alfa.com.tw/Support/Linux/RTL8811AU/

Please make sure to read documentation for products

any one who know about paymaned gateway

i see that now have some bussines with card loading and bank transfers

can someone explein me what is that

tha i dont fell in trap

1. Acer Nitro V Gaming Laptop

2. ASUS TUF Gaming A15

3. HP Victus 16-e1060AX

4. Lenovo LOQ 15IAX9

5. Acer ALG AL15G-52

Recommend good laptop under 75-80k rupees

Or any of your recommendations

i am unsure of this one, just make sure that the banks you go through can be trusted
search for reviews on the internet and make sure you don't go on random street ATMs

what are you planning to use it for?

Programming/coding. Creator and some gaming

the Lenovo LOQ 15IAX9 is not bad

from what i see so far i mean

What about ASUS A15

what's the model? there's
FA507XI
FA507XV
FA507XU
FA507NV

no i mean that i see that some guys make a bussines with debit cards, and bank transfers swift and other things... i see that someone writen that he can load a bank acount

Anyone have any tips for passing Sec+

study

Can Someone help me? I have a quite basic CTF Exercise (about binary exploitation) but I am stuck 😦

Maybe I can help you out, hit me up

Can I DM you?

go ahead

...

@deep heath lmk where ur stuck

Wait brb

K so I went thru the slides that my professor shared and there are no formulas for solving this

Gpt says T is equal to the amount of data divided by rate

Data = X * 1024bytes * 8bits
Data rate = y * 10^6 bits per second

No worries so the math would be

Time(seconds)= (x8(1024))/(y1,000,000)
X=KB
Y=Mbps

Yes exactly

I can't be bothered with the syntax for discord

Ik the * make it italic it's hilarious

But yea

U get the idea

Yeah I do!

Thanks for the help man!

Np

Can I ping you if I need more?

Potentially. Can't promise availability

That's fine

And understandable

The lenevo loq has a lot of bad reviews

well to be completely honest every laptop might have alot of bad reviews

i am unsure of a laptop for gaming with that budget but

the specs seem relatively normal for your tasks

if you want a better functioning laptop it has to go above the specified budget

because nowadays we have computers with 32gb of ram at the very least

https://amzn.in/d/e161H04

Yeah

what games are you planning to play? and what programs are you planning to develop?

Idk I’m now in +2/puc2

In +1/puc1 they started teaching us phyton

And games idk🙂

.

so it should be alright for the tasks you want to preform generally speaking

but if you're willing to pay more than that, thinkpad would be a good choice

though it's less for gaming

Idea pad?

My cousin has ASUS f15

Where the meet ups for beginners?

we don't have anything like that, we don't seperate beginners from everyone else so feel free to chatter with anyone that you'd like! nobody is above or below you
also i recommend checking #👥・new-member-guide

u forgot rog gstrix 16

can anyone help me my git clone isnt working

could you specify?

any error that it gives

Everything 🙂

Business class models of any laptop manufacturer are the only ones you should buy. For Lenovo that would be the thinkpads

Unless yea if gaming is a requirement then Asus is decent but has a weird failure rate.

I need help, can someone show me how to use an ESP32?

There are so many tutorials out there how to program an ESP32 using the Arduino IDE

If you need to know how to wire up the chip then you'll need to dig further, but yeah.. there's a lot of info out there

...like https://www.youtube.com/watch?v=RiYnucfy_rs

YouTube is a great source to start off on understanding how they function

Refer to the genius goblin over here lol

Haha I'm no genius, but thanks 🤣

Many queries posted here can be solved simply by posting the question in to Google

- he says, a founder of HackTheBox

..but obviously having someone explain it to you 1:1 is easier, but it's not a likely outcome in most situations

That is true lol, a lot of the questions here just seem like google searches

Yeah that human touch is probably why they come here instead

i blew up my arduino uno r3 a couple weeks ago still sad was planning a project with it

but i will buy a esp32

at some point

I ruined 5 sample esp32-c5 chips by running them over with my chair

Still waiting for new shipment

😦

One of them kind of works.. but not in any sort of reliable way

that one refuses to die lol

Hahah, I dunno.. little guy tries

But true, maybe it should join its brethren

maybe

Yea esp32

Whoever sent me that video on ESP32 please resend. I don’t see the video anymore

It's here

Also, what are the full capabilities of an ESP32, does anybody know?

It depends on the model

Thanks bro!

Model features vary

Anything more specific you want to achieve with an esp?

i had a esp 8226 somewhere but i lost it it was kind of good but still the esp32 and esp32s are the goats

the arduinos are so slow

They are not exactly high power devices 😉 But yeah.. knowing the goals you wish to achieve with them would help

But the Espressif site does detail all model features

U know what, I think I was misled w the esp32. I don’t need to make my own Bluetooth server

Alr Quicc question. If someone wanted to look thru someone’s camera system how would they go about it?

yeah i know i built a automatic bin that recognises color and sorts the trash it was a good enough project for my republic competition in robotics

but i didnt do the test as good because there was a rule i didnt follow

ESP32 does indeed have Bluetooth capabilities on models, but again the features vary so mu ch

Others have WiFi, lora, etc etc

They have many models for many use cases 🙂

No. #📜・rules - this is an ethical server.

Indeed

It ain’t nothing there when I clicc on it bro?

What do you mean? That channel lists the rules for this server.

TLDR: behave, don't ask for help with unethical matters, and respect others

Works fine for me

Anyone working on my deleted posts i answered my own question.

hi i am new can yall help with at least something?

what do you recommend i learn first if i want to be a ethical hacker that is intrested in pen testing

What do you need help with?

It depends what you are interested in really. There are many avenues in the field of information security #👥・new-member-guide

red teaming

Same applies tbh

Red teaming applies to so many sub disciplines

i am interested in crypto and forex trading

isnt there like somethings i should know like networking

I'd probably check out the platforms available to you, try out some fundamental courses, see what you like

This is not the place for that, this is not a server for investment or trading advice.

i want to create a trading bot which involves coding somehow

or are you all about hacking?

Not the place for it @silver mauve

This is a server about ethical hacking.

Read #📜・rules

Can anyone help me get me IG back or send me to a course to hack it from the hackers they asking me for $300… I’m broke 😩

🤦‍♂️ no, speak to support

Anyone asking for money to help you will only scam you

Try to reset your password if you can, and enable MFA if you regain access.

If you cannot reset your login, then IG support are your only option.

how did you even get hacked?

Not worth discussing further

Who can help me restore my email

I've always herd stories about people getting there accounts stolen just wanted to know so i dont end up making the same mistake

No @flat hedge fml

What is fml

You

Read #📜・rules

The only people who can help you is your email service provider.

I literally just posted today then an hour ago can’t get acccess to it I’ll ask ig support i have no idea how I don’t even post that much or be there that much

https://help.instagram.com/368191326593075/

thats scary

The type shyt srhoe be talking bout in his videos

Usually accounts getting stolen is down to one of a few things. Re-used / shared credentials, downloading dodgy software that includes malware, or falling for phishing campaigns.

I been trynna find em so I can hack the hacker who did it to me

Ok that's enough @molten adder #📜・rules

Last time I'll say it

This is an ethical hacking server. Stick to the rules.

Two wrongs do not make a right, and we are not here to support you in retaliatory attacks, or to recover an account (which we can't do anyway)

My fault don’t whoop me I’ll read them rules

probably social engineering

so in #👥・new-member-guide i should fallow it from top to bottom

It's advice given by the server team here for new members, again.. there is no simple answer. Everyone has to find their own path, and their own strengths

The most important thing is to start learning

You have many platforms available to you where you can start for free, which are highlighted in that channel

ok thank you man i really appreciate the help

yo guys as u know im a begginer and i have thb student membership and i wonder if i should do the fundamentals before following pentester path or is it not nescesary since i got most of the fundamentals down or could go into them later or something or should i continue with fundamentals as i have been until now ?

is it a good thing if a girl saves a pic of u in chat

oops wrong channel

im js gon leave it in here bc its funny

finding value in them keep going they build a solid base even if you know some stuff already it’ll help connect the dots later and make the pentester path easier so better to complete fundamentals first then jump into the pentester path with confidence

Alrighty thanks alot appreciate the help

i'd recommend as someone going through it as well (still on the free path but i am planning to pay for the academy)

I literally give you paras for this answer 😅

Depends whether she's a assassin or not

guys I was just using HTB and there is a question that I do not get like it's for the MEOW and it's the 8th task it's asking submit the root flag can someone tell me what to fill there and the reason behind it too ?

hi just i need help with bypassing P160 Customer Interface Unit

#📜・rules

we dont help with unethical activitries

ok

I'm still paranoid about it hahahha

can someone help me guys ?

U should try privilege escalation and if u don't know what it is go back to fundamentals

I did all the questions before it. it's just that I have not understood this particular question it just said "submit root flag"

yep u are not ready

so go back to the fundamentals of pentesting

ok, so basically in hackthebox what you would notice is that it's not only a theoretial test: but also a hands on one
meaning that they gave you a machine to hack, what the questions and correct answers resemble in hack the box are also a hint to the way you are going to hack the machine.

a flag, is a term in hackthebox used to define a set of random characters within a text file that you would need to be on the look out for, and dig (hack) for in order to obtain it.

Thanks man

Im looking a way to VProtect my python file

and ofsucate it

Just completed the task thanks for explaining it to me I was stuck onto it for sometime. 👍

yw!

hello
i am a student in IT hoping i can be a cybersecurity architecht someday, however I am going thru a a burnout at the moment and need a fun way to learn cybersecurity and remind myself of why i chose it as my path, anyone has any tips?
thank you in advance

first off it’s totally okay to feel burnt out. Cybersecurity is a deep field, and it can get overwhelming.

watch some inspiring cybersec talks or documentaries they can reignite that spark

clear your head then come back stronger cybersecurity is vast and it’s okay to move at your own pace

i enjoy watching indepth documentaries to keep the motivation high

for example, 1s

wait cnat find it

cant*

https://youtu.be/qDt94PYwS2s?t=87

https://www.youtube.com/watch?v=PmtFtWVrxFE

and so on

fern and ironic i find to be pretty interesting

going somewhat in depth and while i do my work lets me keep my motivation

of why cybersec engineers are even useful

does anyone kno how to mod cracked repo? i got some instructions but my brain s messed up

Gamify what you are currently learning.

im new too and im learning html and CSS. I used Chat gtp to turn projects into a game. I score points if there are no mistakes in my code and if it makes sense and the goal is to try to score as many points as possible.

maybe you can try that with what you are stuck on lol.

Would anyone suggest Notion templates for study?

I'll check

I do obsidian as well

IK, but I can't be bothered accessing my notes in different systems using obsidian

Notion is accessible easily

Yeah fern makes bangers, with great story telling

obsidian >>

nah, it's free

Is the hacking that happens in movies actually possible? Like, can you truly find out someone's other information online from someone's one account? Like, without displaying any connections here on Discord or having a good security protection for account, would a hacker ever be able to bypass it and find your other socials? I know that everything on internet is stored in some database and exists as a trace somewhere

I'm just curious about it, it interests me since I hear about hacker attacks and I am wondering how do they manage to even hack the security system

yes

its possible

Okay, how? If Discord or other platforms have a very good protection measure, such as, sending an e-mail whenever you login in a account from another location

Google does this as well

Of course, some people never see that e-mail because they don't check it

But then there's the phone verification

there are ways to bypass a lot of those measures. however we teach people how to stay secure from those or spread awareness about their existence. we dont teach how to perform those types of attacks as they can be used unethicall or illegally and we'd be liable for teaching you

systems get more and more secure every day but the human mind stays vulnerable

Yes, I understand that, but it's interesting. So they bypass it by tricking the victim into it or just use code and brute force? I heard people usually get scammed into something

Scammers are so easy to avoid lol

@calm pewter
You have been summoned

._.

as for hacking into secured systems that often involves exploiting vulnerabilities phishing weak passwords or misconfigurations it’s not always about brute force sometimes just one mistake or leak is enough for a skilled attacker to get in

Damn, that easy? I thought it was wayy harder

well its not easy

its difficult

its easy to say, hard to do

also bruteforcing is a very inefficient tactic for web services

True, but holes always exist everywhere

since those mostly have cooldowns and block you after x attempts

yep

the harder part is going undetected or breaking into well secured systems

Don't they use a VPN of some sort?

most hackers use vpn proxies or tor to hide their real ip

no method is 100 percent foolproof it's all about how careful and consistent they are with their opsec

I heard about Tor, it's said to connect to darker parts of the internet

But it's also owned by goverment I think because there's no way goverment wouldn't know about such dark websites existing

Indeed

no just some exit nodes are monitored

also honeypots exist

yes but there are other things you need to think about as well

Okay but how come not the dark ones? They have to use some server for transfering data

just a vpn doesnt keep you safe

wdym how come not the dark ones

they use off shore bulletproof services

How aren't they discovered and banned from the net

if thats what you mean

offshore bulletproof services

Which desktop environment do y'all recommend for arch?

The government uses tor to track how criminals operate and who gets a share of profits in the market

offshore = somewhere on an island in a different continent where international law doesnt apply
bulletproof = entirely ignore any lawsuits, reports, etc

Interesting, so it's like a cat-mouse trap

not always

tor isnt entirely monitored

Fascinating, I never knew that was possible because streets have cameras (some) and law is applied anywhere, but that is a possibility I guess

xfce for speed and simplicity
kde plasma for features and customization
gnome for modern clean look
awesome or i3 if you like tiling and minimalism
lxqt or mate if you want something lightweight and traditional

i was a xfce fanboy for a long time

rn i love gnome for how u dont need to set it up too much

but still stays very customizable

and always super clean

mac-like look

Hmm the install is failing already

How does internet security even work? I feel like a computer is just as complex as our organ system, there's so much to learn. Like, what is motherboard made of, BIOS, OS, Memory and it's memory buses and registers, Graphics, physics behind the monitors and hard disks, it's all a mindwreck, then we have firewalls, anti-viruses, etc

its not as complex

because everything in computing can be explained

unlike functions of the brain and so on

(sorry if you didnt mean it literally)

just have to clarify

well its a wide field just like you said youreself

True but it often has lots of terms that connect to other terms if I go to research on internet about it

is there anything specific?

youre itnerested about internet security

Everything about it interests me lol

And about computers in general

There are models that make it easier to understand

I heard about the old model some man made, the basic memory scheme if I recall well

I wish our schoola taught us more, I barely learnt anything, we just kept learning about Excel, Word, Acess and Powerpoint and anything else was barely touched so that did suck for me

I just know the basics of basics ☠️

Because our schools really suck on tech knoweldge

well i can give you a bit from a network penetration tester's perspective:

• HTTPS, SSL encryption, which doesnt let me sniff and snoop packets on your network like login info and tokens, because its encrypted.
• VPNs wont let me even view what websites youre visiting at all, that way i cant even start a watering hole attack (where i try to infect the pages that you visit)
• if you set up a decent firewall or configure your device to ignore ARP re-bounds, i will not even be able to find your device while im performing reconnaisance on the network. Your device will be entirely invisible and i cant even target it with my payloads.
• In addition to VPNs, you can use DoH, to route your DNS through 1.1.1.1 and 8.8.8.8 to make you immune to DNS spoofing and fake webpages/redirect attacks.

We still have teacher mfs that think Ai makes us more stupid

all of these things are becoming better and better with time

incorporated into more systems

Aha, so it's like many layers of security that protect you from each side to not get attacked online?

Yes, but Ai can be very useful and explain a huge chunk of data in simpler terms and help you learn better

yep pretty much

i can still workaround all these, i can disable VPNs once i infect a network, DoH, and downgrade/decrypt SSL, but all those things make my job much tougher

but some just get easier to penetrate

dont get me wrong, even though its possible to do so, doesnt mean there arent furether defenses against those

i know the limit of my knwoledge and i know where i can secure a network till the point that it becomes impenetrable, at the cost of not being overly user friendly

Yes, but where does Ai even pull database from?

knowledge*

it gets trained

That is very skilled then

By it's users or the one that host it?

thanks, took me a while

4 ish years

sometimes by user data

it has the base often trained by the developers

by just exposing it to public data

available

its very complex

Daaamn, that is a long time but that makes you more experienced and smarter. How did you learn the basics and how to code? Were you self taught?

so, for the basics, its a bit easier, because there are a lot of things available online to get youy started

once it gets to those things that can be used unethically or illegally, you have to become self taught

I am willing to learn anything complex. I am just so passionate about it, but I often get overburned by unknown terms and concepts and then I give up 🙃

you learn from your mistakes yourself, you learn from your success yourself too.

I heard about site w3schools that teaches you about coding basics from any programming language

its really good, i vouch for it

I am going through the same thing it just becomes boring after a while

its not ideal because its a bit old but its like the core/base for the start of programming

for example how every political figure needs to read from Machiavelli

That's a real challange because law thinks that anyone that wants to make a program that can gather someone's data in any form "bad", but the data gather can be good for an example, criminals and it can help to expose them better, but that's the moral dilemma I guess

every psychology-interested person needs to read from robert greene

thus, every programmer needs to check out w3schools

thats where greyhats come in

walking on thin ice between ethicality, legality, and morality

I am using it to learn python the problem is it doesn't get into depth on it's explanation of concepts, so I use Youtube to get a better understanding

python is amazing

i use it daily

all my projects are in it

Same, I can understand the theory behind the code but it bothers me in practice so much because the Decomplier I use to write code doesn't understand me and my code so it throws errors a lot. The problem with programming language I face with is that in practice, I have no idea how to even start the code, there's so many keywords to remember and I don't know how to make it do what I want without errors. Like, if I want to get user's input, what to define, etc

It's kinda too open for me, there isn't a one strict set of commands I can use, it can be written in different ways with same syntax

i think you might just be tackling harder projkects out of your learning scoe

yep correct

thats how programming is so wide of a topic

Yes, indeed. I tried to open an old game in x32dbg program and to study Assembly myself, all I saw is a bunch of Load and Move instructions with hex adresses I don't even understand

That makes it easier to use it's like solve for x there are many ways to kill a cat

definetely do not tackle assembly as a beginner...

thats arguably the hardest language you can pick

I'd love to decode where does that adress point to and where

I see it in errors and games a lot, it's a big chunk of hex adresses that all point somewhere tho

It's also the first used one I think

first used was pure 0s and 1s

It was the first way of communicating with pc as a programming language

Yes, exactly

@spiral notch oh kv the arch expert please help me