a vpn?

lol

Yea that works ik but i want my burp collab link to be sent

never played around much with a vpn just clicked connect and disconnect. I cpuld probably setup my own proxy

Anyone who can help me out with finding voucher for certification like CWL red teaming or any other certification vouchers.

#👥・help-me Advice?! 🤦‍♀️My iCloud, iPhone, and Mac got compromised with live persistence I can’t kill. I found a Cloned drive on my Mac (obviously wasn’t meant to find files deeply embedded) that had coded file drops, VPN hops, checksum checks, and payout confirmations — some files triggered to kill my terminal and eventually bricked my Mac, it’s now stuck on the gray “?”. Even after resets, wipes, keys, 2FA, and a new iPhone, iCloud files still delete live off my phone. I can’t find the access point and it’s alive and living its best life currently on all my shit. Anyone here rip out persistence at this level?

You sure you just didn't enter your credential in a phishing page?

Hey guys. I have a question. I don't know a lot about cybersecurity, but I've got a couple years of experience coding with plenty of programming languages (C, C++, C#, Java, Python, Rust). I want to continue working with programming but want to start doing stuff involving cybersec and "hacking." What field and learning resources would you recommend in my case?

Oh, I wish it was that. Unfortunately, I know who it is, and they literally infiltrated my whole Mac, and it only started acting up when I found it and started parsing the files and reading the encoded commas, which clearly were involving illegal under my shit - I’m more annoyed that he acted like he didn’t know shit about technology

Hi everyone. I’m in need of a white hat . I have little to zero experience and apparently I’m an easy target. It’s been years of someone violating my network, devices and emails. The ISP has basically said I’m on my own and even though Ik this may be a big risk I’m willing to risk it just to get some peace.
Please reach out if you are a good human who can make time to help a scarred victim like me. Thank you

For the average person just following these 3 simple rules.

1. Don't click on any suspicious link or download files from questionable websites.
2. Use MFA everywhere
3. In case you get compromised and you don't know how, reset your Pc and change all of your passwords.

Hi OX. I have an idea of how my info was obtained originally ( by some people I let stay at my house due to being homeless. Friends of friends) but resetting passwords, using MFA may be a bandaid on a missing limb at this point.

isps lwk suck, they rly dont gaf about the stuff that goes on

It's called having layered security. Your "main" security step is not having any kind of malware or enter your credentials in the first place.

And if that fails you better hope the other security measures work for you.

You can also harden your system, but that's going a bit too much into technical detail.

Would it be smart to double check ur router for open ports or vulnerabilities at this point?

I’m at ground zero right now. Please give me the nuclear option. They use my sister voice to make calls to me when they haven’t actually called. It’s scary and beyond anything I’ve ever imagined

ISPs and standard support won’t do much once it goes deeper than surface level access. First step is to document everything: device logs, iCloud sessions, look for odd network traffic. From there, focus on eliminating possible entry points (startup items, profiles, VPNs, hidden certs) and confirm if the activity is tied to the account itself.

No open ports. I checked.However our devices not all at one time. Make 40 plus hops to connect

Sadly the calls may also not be because of the intrusion, AI voice calls have been growing, even those with familiar voices

Do Your calls come in with an actual phone number. If so I can run and get the ips and trace them even with vpn

This is interesting is there a how to for non gods out there somewhere that I can do this myself? Or a company that I can hire?

You pick phone calls from random strangers, because I don't

lol you sound like me I just posted that in another chat

It does but it’s a spoofed number . It’s my sisters actual phone number as far as I can c

lol same

Yeah scammers lwk got hella good

I'd honestly tell everyone yk to text you before calling first

No I do not. It’s my family’s number that shows.

Are you an important person? E.g some kind of CEO or someone that has a high position?

Oh shit, I mean if it was an SMS you can back door the metadata but other than that if it’s phone calls, it’s gotta go through your carrier

Because going so deep is usually reserved against high target profiles.

So wait, some people where allowed in your home, and that's when it started?

There wasn't anything else you noticed?

I’m over here given advice yet I can’t help myself bc my ex is way smarter than me apparently haha

They would have to know how to access or at least have the password to the Wi-Fi to access the router if they never logged into the admin and changed the password

They also could've just bruteforced the password, I'm also not really sure what their exact issue is, it could be malware that moved laterally, or could be leaks, i have no clue

Honestly they also could've just accessed a device in their house as well

Just change your phone number

And reset your router

It’s been happening since I let them stay at my home but they have ratcheted up their attacks this last 2 years.. I’m not an important person and I feel like I’m physically been assaulted. So if anyone can help me or can recommend someone professional to help me I would appreciate it

That'll fix the calling issue but I re-read the original post and it sounds like a shit sow, emails, devices, a lott

For years is insane

I think they have the device serial #’s as well but I like the way u think. Hmmm

That’s why you hard reset the router which will suck ass if you have a lot of smart things in your home bc you have to reconnect it all

Have you blogged into your router ip to change the admin

Proffesional service, especially for forensic can cost you over +$10'000 easily lol

Damn, I’m in the wrong profession

I have actually changed the router 2 times and have a new one in a box looking at me right now

Like I said, your best bet is just to reset all your devices if you are that worried about it.

Well set that up lol

It’s looking at you saying get that old shit out of here

Also jumping from a router into a different device is quite difficulty anyway.

It's not like you can gain access to a device just because you have access to a router.

If it makes you feel any better I’ve got a live listener on all of my shit that I can’t kill

What 😭

Yeahhh I posted for help bc I can’t help myself!! Deeply imbedded in all of my shit

jesus

Side note it’s my ex and I did find out parsing his files he injected on my Mac he’s been banging my brothers wife wilddddd

Sorry. I obviously can relate

Jaw dropped to the floor.

How exacly did you find that out?

I have my doubts with that story.

Also why not j call the cops if it is true?

Check yours msgs

Because I didn’t know exactly what was being done. All I was reading were these conversations that were in code words I can show you a snippet I don’t know exactly what they were doing, but it was very telling that it wasn’t legal but what am I gonna do I’m not a snitch. I’m from Jersey unless it involved harming other people, but I never got that far because he crashed my Mac

• Tunnel is stacked. Triple layer. Exit node clean.
• Receipt confirmed. Ghost account will cover payout trail. Those are two snippets from raw dumps- and I have no clue what was being done so idk

That sounds more like you shared the device with him and he has also his account on it.

No, we live together for years and he always acted like he never knew anything about technology, but my Mac was in my office and it wasn’t locked. I didn’t think he really knew anything. Honestly he fooled me but I should’ve known because he would always talk about “this kid at work.” who knows everything about hacking. He literally cloned my hard drive so he was controlling my files and his files that were embedded.

He hasn’t had access to any of my tech stuff in well over a year and he’s still to this day currently is remotely on all of my shit and I can’t get him off I literally took a video with my other phone and watched all of my files. Get deleted one by one as if I was doing it. It was bizarre.

If he has unwanted access to a device, it's not legal, saying your from jersey is a strange excuse for an issue that's fixable

Honestly I have my doubts that this is possible. If you factory reset your Mac there is no way that he has access to it.

What am I gonna do? Bring my phone to the cops and say what? They don’t care about that kind of stuff out here not to mention he’s friends with the chief of police so he’ll get notified before anything happens anyway. The jersey stigmas are alive and well.

I mean there is ways but I think it's very unlikely he's that skilled in the field

Bring your mac to the cops?

not even

/#

I can’t factory reset it it’s stuck on a screen with a blinking gray question mark

Tell them the situation, just do that and see what they say

If he IS friends with the cheif that is probably goiung to be a thing lwk

Well then go to you nearest apple shop and let them do it if you don't know how.

My Mac is dead. I can’t get past the blinking question mark I tried all of the hot keys nothing worked I even contacted Apple and try to report it to Apple and I saved my conversation and there was nothing they would do.

Open it up then

swap out storage for a clean version

Can you even swap storage on a Mac?

I want to say yes, but lemme check

What version of mac do you have

Apple in general is very restrictive what an enduser can do.

Oh fs but I think some of the oldish ones only had warranty voiding stuff blocking the user

it looks like post 2018 macbooks have the storage integrated into the logic board

but pre 2018 is good

You said you did hotkeys, did you enter recovery?

That’s a picture of the cloned on my Mac once I tried to delete it. Shit went South.

That looks normal to me?

Yeah I was going to say...

This was before the question mark then?

I'm not a Mac pro, but if you erase your disk, I assume it doesn't touch any important system files?

It doesn't

You'd have to manually do something like reformatting to wipe it all

but that would make the mac useless so

When I do a fresh Windows 11 installation I erase everything, including the boot section.

Smart

Again did you try entering recovery? and what model is your mac?

Untitled 2 is a clone

That's the storage name

Yep I tried rebooting from bios it’s just stuck

You can change it to whatever

No that’s not mine

Does your model have a physical drive you can swap?

https://www.reddit.com/r/applehelp/comments/f3swuk/i_need_to_erase_my_hard_drive_on_my_mac_can/

Ohhhh

The other one is for emergency recover

I was a bit confused about the Internal and Disk Images

can someone help me, i ask my friend for a project and he made it for me but heres the twist he used pyarmor to encrypt the file so can someone help me decrypt it

So I guess the Disk Image is the one that contains all the important system related files used for the boot process and other critical component while Internal is just your storage

Untitled 2 had full system folders (/System/Library/, /Users/, /Applications/, /private/var/), same timestamps as my main system, plus my caches, crash logs, and Keychains. That means it wasn’t recovery it was a literal full mirrorclone of my active drive that I never created. Not to mention the date it was created was last year and my Mac is four years old.

that sounds like normal default folders?

So you can nottttt physically change the drive okay

OK, whatever you think doesn’t make a difference not trying to prove myself or anything to anybody I just wanted to get it back and running and I can’t

https://support.apple.com/en-gb/guide/mac-help/mh27903/mac

Yea probably because you erased some system files

Yes, definitely

https://support.apple.com/en-gb/guide/mac-help/mchlp1599/15.0/mac/15.0

Eh 2 different varients depending on your CPU

Can I? Maybe you can walk me through it on bios clearly I haven’t tried

Just follow the instruction

when I tried to remove the “alleged” clone untitled 2, I corrupted the boot process and removed the Mac’s ability to find a valid system.

Thanks for the insight teh boon

https://tenor.com/view/im-watching-watch-you-eyes-on-you-kid-cute-gif-16282723

Kenji you have been warned before about unethical practices. I am watching you 👀 how do we know you are telling the truth?

Can't we get a mod to ban him since hes been warned before?

@mossy pecan need more info here. Why do you need help if your friend supposedly encrypted? Why would you ask us if he gave you the project to do?

can someone help me or give me idea of how to make hcaptcha solver

Answer my questions

sorry what questiion was it

im so sorry

😭

The ones I tagged you in

he gave me a file but i ask chatgpt whats this file and chatgpt said its encrypted with pyarmor thats why im here to get some help decrypting it

i thought i can get some help insteadd im being question

Pyarmor is used to protect code. Decrypting without permission is unethical & illegal. You have asked for unethical help here before. Honestly, I do not believe you. You need to stop

im so sorry

😭

can you help me how to make hcaptcha solver instead

hotami

i need help with this question on tryhackme.com dns in detail : What type of TLD is .co.uk

Not if it's malware

United Kingdom

5 character limit

For what? What will you use it for. Pick your next answer wisely.

ive tried uk , co.uk and more

https://tenor.com/view/birdy-owl-hoot-gif-15662908

@mossy pecan answer

Please stop questioning me😭

im going to use it for my project

What project

Damn some of you are ruthless. Don’t be cyber bullies #notcool

People need to follow the rules here and not try to bypass them. No bullies here just protecting the flock, thanks

Sometimes it’s not what you say it’s how you say it

https://tenor.com/view/cat-orange-cat-laughing-aaaa-gif-4465510619613777157

Good morning

Thanks for your opinion. Sorry for your misinterpretation 🤷‍♂️

@fathom summit I don’t believe it was my misinterpretation. I pretty much verbatim took it for how you said it. I just have a weird feeling if you were in person with whomever you were talking to you wouldn’t say it that way to their face. That’s all I’m saying if you wouldn’t say it to their face, don’t say it on the Internet.

Not in here

let mods do the job people, the reason we're asking for intent before providing service is because we are a partnered server, if anything remotely unethical/illegal gets assistance or a stage here it's on us

oh sht

didnt know that

Still kenji?

yes why

Kenji

My friend

Please

I beg you

are you getting tired of me

You are hostile AF @fathom summit

Start at the beginning

beg what

i did

Learn all the individual things you need to do what you want to do

but you cant really change the fate when you need some help

^

https://tenor.com/view/stewie-owl-owl-stewie-not-interested-gif-13065734

I don't think you "need" to cheat in mobile legends, or break other people's encryption.

These seem like Wants

i didnt mean cheat

There is a difference between asking for help and just use google.

lets forget about that

but this is your end goal

But I can't if you are asking right now to break someone's encryption, not even fully understanding what the language is you are trying to decrypt into?

If you ask a new bad thing, then people will think of all the bad things that were asked.

yup and this isn't the first time that it happens, again: we are an ethical hacking server. we don't provide services to others or guide them through an entire operation.
to some degree people have to pull most of the strings, and we help from time to time with questions that are straight forward and comfortably answerable, but not when it comes to unethical/illegal activities.

Hi guys

omfg

no way you’re still trying

would that happen to be the very same friend as here?
#👥・help-me message

Yh

With Discord

how do i transfer my terminal from vm onto my desktop. like a new tab but terminal

https://youtu.be/u036M7p6-ak

Sudo apt install opsec doesn't work

Who said that?!

Anyone wanna guide me I'm about to start

Hey best of luck in your journey start here #👥・new-member-guide

I get that alot o just need someone to see since i won't understand most stuff

You want the honest, or the nice answer?

Honest

Keep doing research and learning. It will click, keep trying. You got this 💪

Noone will

no one will. I see that question daily, and no one ever volunteered.

I mean I'm not that good at English and it got alot of talks and learning a new thing and lazness-AHHH

There's a chance

There isn't

That is ok. You can still try my friend, if you are really passionate & intrigued about learning then you won’t be lazy.

It's still pretty hard honestly

lazy is fine, means you are likely to think about doing stuff more efficient. But this isn't a field of shortcuts and walkthroughs

It's not entry level, that's why

Basics are the actual hard

Since if i know the basics I'll learn automatically when progressing

And the less likely you are to research on your own, the more likely this would be a drag for anyone to teach

You got to start somewhere & grow. Don’t make excuses, lock in 🫡

Imma try

That is the spirit, you got this

Works for me

How do I go from being a script kiddie to an amateur "hacker"

There is no definition for that.

Okay I'm just gonna read some more documentation then

That's how you land in tutorial hell

Okay then what the hell do I do

You have to mix it with reading and practice lab

... Read what?

Documentation?

Practice lab yeah sure i can do that

Depends what you want to know. Cyber security is big

If you wanna attack Active Directory, then your read about them.

what

hey everyone! 👋🏻
anyone here who has a broad knowledge of the secp256k1 ecc?

Guess someone will stay being a skid for the rest of their life

Where can I read them

I mean

I spent the whole day yesterday figuring out how to install kali-linux WSL

Where can i read them

pov you asked the same thing

Twice

He didn't answer me

The first thing you should learn is to use google for simple questions

What for

you gave him 20 seconds.

everyone is a skid

Okay I'm just gonna ask chatgpt then

never getting far

Brain gon shrink this way

@rotund star that is unethical & illegal and we do not condone in unauthorized access. Please read the #📜・rules

oh no this is going in the hall of skids

Well gues he's never going to work in the industry with that approach

too late for him

wtf did he say

change their wallpapers to what

☠️ ☠️

Okay sorry

i had some questions regarding the curves structure which i couldn't find elsewhere especially on BitcoinTalk or other platforms.

ChatGPT, google

oh hi kvts

hi ^^

doesn't have the answer, ofcourse i tried them 🙂

Goodnight im going to sleep gng

Good night 👋

hey chat can someone help me with sending a GET request plz?

If possible then can you elaborate that
Generally sending any request we use burpsuite, but I will have to know what are you exactly talking about

Are you getting error through burp?

im on tryhack me doing the viewsite

Make a GET request to /api/users. What is the flag?

?

Ohhh from your description it seems like a API exploitation

Well so Get request is a kind of request that your browser sends to the server to view the content of it

Here the target has /api/users so it is using api
And you can send a get request to it through cURL command and then pipe it to jq like this:

curl “http://target.here/api/users” | jq .

It will show a nice JSON output, maybe flag will be there or you might have to find other api endpoints

hmmm thank you for this i wish you could give me a visual

so there's this dude who created an instagram account pretending to be someone ik and he's out there spreading misinformation about her

i tried reporting the acc for "pretending to be someone else" but instagram doesn't think that acc goes against the community guidelines

a scammer had tried doing the same before in the name of someone else but that time, the acc was removed in like 10min after reporting

what do I do :/

There is not a lot you can do, if meta support decides to do nothing.

Signed up for HTB been doing a few modules but am running out of cubes, I started with 40 cubes and am now down to 10. Is there a way to get more cubes and if possible for free? I'm not trying to spend heaps of money but also dont want to keep shifting between htb, thm etc I mainly want to kind of finish one before I do the other. TIA 😁

when finishing certain modules

you get 10 back

Yea I knew that but that leaves me in a loop between 30 and 40 cubes Im wondering if I can earn cubes somehow or something instead, thanks for the answer tho 👍🏼

No, you can’t

You have to pay

no worries tho

Yea damn that sucks then. Alright thanks anyway

just do Tryhackme lol

-# (goblin pls don’t kill me)

man

yeah.. bummer.. but if you thought asking that on a hacking oriented server would net you a different result, then the answer is no, #📜・rules no. 3

yeah

:/

i thought of just sending him some convincing link cuz atm he doesn't suspect me of anything

might as well try to get access to that account

Apart from being illegal, it's also simply that every buffoon comes here, daily, asks the same question with a sad sob story no one can verify and tries to argue like he's talking to chatgpt

ah

well it is what it is

i could just give you the fake acc and the actual one

it's pretty obv

you can also just drop the entire line of question, and get to stay on this server.. cause this shit ain't flying

ah

the #📜・rules have no subsection "unless you dont want to, ofc"

i just asked it here for the sake of getting suggestions

i don't want no "hacker" to do the work for me

i ain't tryna rent a hacker or anything duh

great. thats settled then

moving on

sure thanks

Hey guys I’m new here

Hope all is doing well 🩶☦️

Really on a beginner level what would suggest I start with on a full scale learning aspect?

#💕・free-resources etc

Well If you need help or want to know how to hack

#👥・new-member-guide #👥・help-me #💕・free-resources are here

Thank you guys so much

🩶☦️

What vpns would you rate the best?

Mullvad

completely anonymous, let’s you literally send money via envelope with no return address

Servers are ram based

No logs

I just come into cybersecurity recently.
Please give me top resources I can use to learn effectively and efficiently

#👥・new-member-guide

can someone please help me this "Bluestacks requires at least 6gb of free disk space in C:\programdata\bluestacks_nxt drive to install"

check ur storage dude..

what

kind

of question is this

Mullvad

it is more like a note than a question

are you telling or asking

free up some storage brother

the error details are there

unless you're looking for a workaround if that is your end-goal?

Any good antivirus that anyone would recommend?

or is window defender enough?

got doxxed 120th time now

how?

anyone who can give pros and cons of code dex?

Is restorecord safe?

Does it leak my ip?

Can someone even know my house with ip

No

And yes

Ive spoken to one of biggest discord d0xing usser the og owner of infosec and yes

#📜・rules

report them

on insta

no, u dont

report them

Report them to the police and talk with your perants

I promise you the longer you wait the worse it gets

Like ive seen enough extort cases

And the victim never gets in trouble

Why does sudo apt install opsec not work

it's a joke

Is chrome good opsec

are you joking or are you being serious

seriously joking

fr0stbyt3s got hacked and his discord account got compromised but he is on it and when his account is clean would it be possible to unbann on this server?

who just said that?!

I saw a guy saying sudo apt install opsec in a tiktok comment section

yeah nah
don't rely on tiktok for cybersec

the entire platform is literally mostly bs

hence why i never bothered hopping in
the app itself is dedicated to make you doom scroll for as long as you live

lol it’s banned in my country

better that way honestly
it's not banned here but i have never ever registered a tiktok account

i never had tiktok and never will

i feel proud saying that lol

me too

Whats the difference between that and instagram

none honestly
i don't do instagram either

they are both dedicated to make you scroll

Designed to steal your "Agency", and allow you to have less control over that part of your life. Kind of like doritos.

How to get virtual numbers ??

Apps

I had a phone addiction but 3 to 4 months from now I deleted everything and now I have so much more free time

I don\t even want them anymore

https://tenor.com/view/freedom-gif-14887144685173519659

I’m new

I wanna learn

Can someone help

#👥・new-member-guide

Which app kindly mention

2number

If you need help or want to know how to hack

#👥・new-member-guide #👥・help-me #💕・free-resources are here

Available on playstore??

Yep ill send you the link

https://play.google.com/store/apps/details?id=com.bpmobile.second.phone

oh I know this I used it

there were a tool compatible with linux that I used to sue to get free calls and spoofind for free 😭

but it got banned or patched or idk

Ty

good evening i pretty new here

i want to learn coding but dont how to start

any suggestions

https://www.python.org/about/gettingstarted/

thank you

@woven anvil btw last time when you were talking about flashing kali with rufus is bad

were you talking about only for kali's case or rufus as an app

#👥・help-me message

Thats the context

DD mode should work in theory, but the regular mode ignores the standard to "automate" some things, which can break some ISOs

thanks ♥️

It's just that It was in the back of my mind and I just remembered it

not just kali, there are other distros too - I just don't use rufus anymore if I can help it

Not saying it is a problem for every OS image out there though

yeah, thats why i linked the topic. ^_^

hi i need help

https://dontasktoask.com

helloo, what do you need?

Can you send me a DM

I usually don't talk on dms

But what's up?

Are you looking for some specific topic? Maybe i could help c:

I don't how to explain that thing.

he probably needs his exs insta acc back, yk, the usual story LOL

ofc you don’t, thus why’d you want him to dm you

If you don’t even know how to phrase your question

or why ask if you don’t know how to ask

That's what I thought

There's a channel for a reason

I don't mind helping others

Literally the acc was created in less then a week, I'm just being careful ;)

If people want to go to DMs on a hacking-centered discord server they simply want to evade scrutiny and nothing they say is truthful

"I dont know how to explain that thing" is either an obvious lie, or they should come back when they collected their thought

Like showing up at a restaurant and telling them you really dont know what you want to order

I can't understand the Hack the Box fawn challenge in task 7

You are on the HTB discord and have not asked there?

No

I know that you have not, the question is "why"

its their content, ask them

people are getting dumber by the day

you are literally named "batman htb" ffs

I know what the question is, and I know the answer, but it's showing me an error message.

And what made you think "Hey.. I better not ask the people actually offering up that task.. lets go over there to some random other people instead"?

That's no way to go through life, son

i promise i researched the plymouth thing after you talked about it

who better to teach than the people who made it, great courses

chat how do i flash linux onto an android :D

Holy shit 🤣

You need to have a jailbroken phone first

To fully use linux on it

Or if you want just termux

Android is based on the Linux kernel. What are you suggesting you want to do with your Android?

Anyone familiar with instagrapi?

What does the “target” in VM target mean?

context?

No like what is target?

A software or operating system? Smth like that?

Also how do yall manage the cubes in HTB academy? Subscriptions?

I understood your question

Now tell us where you got that from, give us some context to your question

Oh I was in HTB academy and they told me they have two targets and their names

But I don’t understand what target itself is and so I asked

I've never used HTB, but I assume it means that you connect and in your network there are two virtual machines, that are your target. Maybe one server, one client

target in htb’s context is the ip address of the server you need to attack

Got it

Thanks!

Also how do I manage the cubes

HTB has its own discord server, maybe join there

you pay cubes for unlocking modules. each module you complete you’d get some cubes back

but if you want to do advanced modules then you need to buy cubes

🥲

I new to this, i need some help, why does the NTLM sends a random number to the client to do verify, why cant it just verify the hash?

The "hash tag"?

the ntlm is the hash

Heyy

Oh wait Im in the wrong channel

neither NTLM1 or 2 are mere numbers.. how sure are you that you are really looking at NTLM?

i saw a graph that shows how NTLM works, and i saw it sends a random number back and i had no idea what the random number do

it says that it was suppose to be a challenge, but how

I don't know

-# why can’t I put images here?

The server authenticates the client by sending an 8-byte random number, the challenge. this is what Wiki says, i don't understand

or doest it means just send 8-byte of random string?

#🤝・roles-info

.w.

I don't know where you saw that, nor what server or client you speak of, but nothing about that sounds like ntlm

this make me even more confused, isn't that how the challenge-response authentication works? or i am completely wrong

not with 8 bit it doesn't

ah.. I see what you mean

https://en.wikipedia.org/wiki/NTLM

I want to learn OWASP Top 10 Web 2021

I want to learn it in a way so that I can able to explain to anyone even layman.

• Definition
• Root Cause
• Testing Techniques
• Impact
• Mitigation
• Code Example (secure vs insecure)

I'm just being stupid, I understand it now, thanks for the help

Helloo! I'm looking for notes and practical exercises to take the AWS Certified Cloud Practitioner exam. Does anyone happen to know of any good sources?

I tried rooting it and that didn't go well so it just bootloops now

so I decide I'll just flash like debian or something instead of stock

I want to flash a more standard os instead of stock, since it only bootloops rn after I failed at rooting it

HELP

IM BEI|NG

KIDNAPPED

https://tenor.com/view/realkimroro-police-gif-23236998

Help is on the way

GET in the VAN

NOW

Brother/lover

oki

Flash TWRP recovery and there are options to flash different OSes like GrapheneOS or LineageOS, but I suggest researching first. With TWRP you’re able to flash and install any OS or app like Magisk for rooting.

any good tutorials for that?

also my phone's an a/b boot, would that change anything?

Just search your Android’s model and how to root, there should be some wikis or video tutorials on youtube

uhhhh the only tutorial I found was one singular dead xda forum

actually that's how I got it boot looping in the first place

What is your phone model?

REVVL V+ 5G

wasssssuuuu0ppppp ppplll

Guys i need big time help I have been so burnt-out on learning the fundamentals of Cyber Security since june. Legit I feel like Im just constantly learning simple things and not actually getting to the practical side. What should I do?

Are you going to school for it or are you being self taught ?

?

just learn what you need until it's over, once you do you can get some hacking related knowledge
where are you learning?

https://tenor.com/view/twilight-bella-swan-ill-never-let-anybody-hurt-you-protect-you-i-will-not-let-anyone-hurt-you-gif-3378308279527539328

Gonna start uni for it but self learning rn

I’m using try hack me rn on pre security so close to the end but I’ve been on it for ages. I’m start uni for Cyber Security tho

yup that's how it is

Oh ok I don’t have any advice for you because I’m about to start my journey Thursday I’m going back to school

I’m going to do computer science

First

you'll keep learnin fundamentals as you go as well

sometimes you'll stumble upon technology you're not familiar with

and you'll need to hack it, to hack it you first need to understand how it works

a lot of the time hacking flow becomes faster due to the person knowing what they're messing with

i wouldn't be able to hack an active directory as much as i'd be able to hack into a web server

that's a lot of reactions lol

I appreciate it very much that’s why

Yh I fully understand you I just can’t wait to finish the fundamentals to finally start hacking something practically

The power of understanding is profound . Knowing and understanding is distant from each other

Rn I just need to lock in and hopefully finish pre security by next week and any other relevant fundamentals thanks @lost vapor

Do you do any activities to increase your thinking power z? That may help

Wym like reading?

Such as chess , reading , fasting , pure supplements , nutrition, and sleep

Yh I mean I do reading nutrition is 50/50 and sleep is not very good rn 😭😭😭

Play nerd games on steam that teach hacking or networking concepts for fun

Like what?

If your mind is not there you won’t be all that you can be . You need nutrition and sleep unless you can’t and if you can’t you must just bear a great attitude and try harder

Turing complete is good for understanding hardware/ how a cpu/ram are made
Tower Networking Inc gets you some interesting network practice
Shenzen I/O is also interesting for integrated circuits.

Ohh damn

Your right

Thanks so much both of you @woven anvil @modest sluice

obviously, games will be unrealistic, but its a nice "fun time activity" instead of your 5th games of valorant, or whatever people play these days

Your welcome Z

Games like Screeps help practice programming(using JS 🙁 )

Yh 100% they’ll teach you things rather than make you waste time

Ok

Thanks so much bro I appreciate it loads

Well it's too late 💔

anmd

whgat have u learnt

already

In #📜・rules

@lyric ibex first -> you hit the back button -> scroll down to rules -> select that -> then you read the #📜・rules

https://tenor.com/view/im-watching-watch-you-eyes-on-you-kid-cute-gif-16282723

@shrewd larkwe don't help with those type of things over here, read our #📜・rules

Ok so im now going into my last year before university and I am currently leaning towards working to becoming a pentester/red teamer etc. etc. Now I have 3 options: 1. Go to one of two bigger Uni's to do a bachelor in Computer Science, then I can do a master in cyber security or just continue my work after the bachelor. 2. Go to a smaller uni to do Information Systems, one plus is that it's close to me. 3. Go to a other big uni to follow a cyber security bachelor which is new this year. What do y'all think?

I think so far my preference would be 1. but I wanna hear what you guys have to say

i've gotten into pentesting and hacking without much of computer science, all depends on what field to you want to excel in

I mean im not that educated yet but red teaming seems like something that I would really enjoy doing

And right now I am working on getting into bug bounties myself

But the thing I was thinking about was that in my view Comp sci is a bit broader and after I can specialize

no need for any compsci stuff, learning hardware, networking, OS fundamentals, and some programming should be enough

if you do wanna go by that road because you're interested in the information go ahead of course, but if you fear that you'll miss out on something: trust me you'll be fine

don't take it only from me of course, you can check out google or even ask preplexity on that
i rely on ai to some degree for relevant information

Some of compsci was relevant

Its just the pacing of it didn't make sense

Im not in the usa btw so its different

me neither

and helping people with school work all the time
it doesn't seem that the pacing is much better in a bunch of places

My idea was just that with compsci u can go all kinds of ways and if I do a bachelor in cyber I immediately specialize

ah ok

Im working on those basics already myself now

Imo, the pacing of the classes are much better when you already have an understanding of the fundamentals

tryhackme -> hackthebox -> homelab

Understand how to:

• Install different OSes in VMs (Windows/Linux/BSD),
• Make a segregated VM network with its own VM router
• Use something like python, and find projects to do where you can implement python into it, like a "server manager" for a game or something.
• Build a computer( or how hardware works in general.)

You will learn way faster doing it this way, and you won't be in a position where they are asking you to use ubuntu in a VM, and everyone in your class is having trouble with it because everyone bought gaming laptops with 16GB of RAM and it can't run windows + web browser + an 8GB ubuntu VM because they want a GUI, and so nothing gets done.
The best part about school is the ability to interact with your peers there, and strengthen your knowledge by helping and tutoring others. After doing something 100 times, troubleshooting weird issues or setups by people making mistakes, you get a strong understanding of all of these things, and it helps you a lot when it comes time to sit down and learn a new concept on your own for whatever cert or job or whatever you want to do in the future.

Thank you for the info! Seems like im on the right path then lol because I've started with some of those things already

I am following the mooc.fi python course and I build pc's for a living

Also setup multiple vm's with kali and arch

and mint

also doing thm

Hello evry1

please i need a mentor and some1 who can guide me tru my projects

its not fre thoigh! lol

Nice. The "Segregated network" is an easy one, where you just work inside whatever hypervisor you are using, and make VMs to act as the "Gateway", or the "DHCP" server, or whatever other part of a router you want to learn about (these are just debian VMs, but you could use any linux, BSD, or even Windows if you hated yourself)

got a new role after so many years of interviews ....

Interesting, ill look into it!

Forgot screenshot
These are on 2 virtual bridges.
1 for "WAN"
1 for "LAN"

Can think of a Virtual Network Bridge as a "Network Switch" emulated in CPU.

Any1 with 3rd party experince ?

We don't really do Mentoring here. If you have questions about specific things, then feel free to ask them. But we recommend to get a deeper understanding, starting somewhere like here https://discord.com/channels/990435451334688768/1306084252437450763

thanks @woven anvil

Hello

Are you trying to create a virtual network

Nope. I was responding to someone else.

Ah my fault

Tired asf

like my WAN IP? 😉

Yo jeevis if you're interested check this out

My friends and I use it for project

I'll dm it

It's a lot

Can someone help me in regards of my home network, it was compromised, someone rewrote the admin page for my Motorola router, I can’t find a .bin file online, the ISP is not assisting me , my coax cable is acting as if it’s an RJ45 , my identity was stolen also

Ive come to conclusion per wireshark scans, it appears someone did a MITM ARP Spoof attack

If not, I understand

Hi everyone can someone please help if possible. How can i log into my yahoo account, i lost a contact number long time ago where they send verification messages and doesn't allow me to login using other options. Is there anything that can help me?

Thanks!!

@lost vapor

#📜・rules

holy skids

#📜・rules

call in your isp

manifest it

Send them a mail! And wait for the rare case to happen “their response”
If you don’t receive any help, best option would be give up TikTok! Less best option would be create a new one

Thanks for your question 😊

Anyone has ios spyware software or Pegasus??

whom do you want to spy on

I got project for android and ios

a project of making a spyware? i don’t believe that

You have or not??

If you have then kindly give me that

or what if i don’t?

do your research first dumbo. pegasus isn’t just random script you pass on discord servers. plus distribution of spyware and anything unethical is against #📜・rules

Then that is your choice what should i ddo

I know its illegal

but you didn’t know the rules

Ok thank u

bro

LMAO

find it yourself

it took me like 1-2 months to find Pegasus

sample n source as much as possible retrieved

• it’s not effective anymore

Bro anyother that is worth effective

nothing that’ll be free

or public

Ok boss

Stop talking about this dued

the whole point of a pegasus or the main idea behind it is that it's hidden from any public access purposefully, finding one is a big deal and what you'll find on the internet like any other type of malware would be detected and not work anymore.

people just forget about that when talking about these stuff

either that or they just don't really know to begin with

what’s your project anyways?

nobody has this

and no. you dont have pegasus
you have a malware sample taken off of an infected phone
you do not have the source code, binaries, or infrastructure to the actual control panel

infras to the c2 obviously not, I told you I attempted to retrieve as much of the source as I could

sample is obvious

yes so you do not have pegasus lmfao you are basically saying "oh yes i have lumma stealer because i went on malwarebazaar and downloaded the latest uploaded sample and reversed the source"

but you dont have the infra or backend control panel, making the sample useless and only for research, understanding and IOC collection

^^

so idk why u say "i have pegasus bro took me like 1-2 months to find pegasus bro", like u actually have access to the whole thing

and I clearly stated

source and sample

.

read the entire thing first lmao

yeah ur making it seem like u have the entire pegasus setup, control and builds

when?

unless you literally misunderstand what the guy was originally asking for

I literally clearly stated I have as much of the source retrieved as I could and the sample

I very clearly stated

yes from a sample which is useless

what you hallucinate out of the literal words I said is not my problem

he didnt want a sample of the malware

that was the original question

he obviously doesnt want a sample of it, guy probably couldnt even jailbreak ios 14 successfully

he wants the full thing, to be able to use it against people

you, then saying, "i have pegasus man it took me 1-2 months to find it" implies you literally have full access to pegasus control panels and builders

/exploits etc

obviously from that 1 message. Thus right after that I said sample and as much of the source as I could retrieve

I very very explicitly said it

you’re still going of implications “oh you said this so let’s ignore all your other messages and say you’re wrong with like less than half of the entire context”

when you say "as much of the source as i could retrieve"

are you referring to the backend infra or again, the samples of pegasus

because if you're referring to the samples then that is what i mean, he doesnt give a shit about that, and those samples have been heavily reversed and documented by other people over time

my point is that you just saying "oh i have pegasus yeah"
you dont have pegasus you cannot use pegasus
you have samples which were used in campaigns, you cannot use them yourself

why do you care so much? it was made clear he’s not going to get it from here anyways, if the third party has the source or not

question is already answered

to avoid people from claiming they have shit that they dont

helps avoid misinformation, scammers, etc

LMAOOO

bffr

i’m not sure how thrashing someone over something they claim is doing any good to this channel. if you want to report it or something there are channels present lol

as if I’m gonna sell it first of all

Second of all

I told you I clearly mentioned things

I’m going off of clear facts

You’re going off of implications

which you created yourself

No LMAO

Which you interpreted and hallucinated

did you assume he was literally asking for samples

or the entire infra to be able to use pegasus

I did not assume anything

I just wrote

that you had it

when you dont

Assuming doesn’t lead somewhere always

you have samples

as you can see, right now it doesn’t

Wth is happening right now

two completely different things

he’s going off of implications

saying I don’t have Pegasus

She literally wrote she has samples lol

because in his opinion it’s the e entire thing

Hey i just got called by someone who calldd with their own number and the person said my name and some random stuff (prob someone that knows me), how can i gather information about a number?

not sure but if you want popcorn ive got it

here is you assuming he means samples

but ok

find WHAT yourself

Find IT

literally can mean either

We don't assist with those things here #📜・rules

It’s yku assuming I mean samples

police. no other way

im sorry

I’ve literally said multiple times what I have

Yet you keep assuming

my point is that you cannot "find pegasus"
it is literally not publicly available

alright ill try that

All good

And my point is that I don’t have the infrastructure to it but I’ve obviously already mentioned it

I said what I do and don’t have

You keep saying “no you don’t have it because even though you didn’t say that you have it you apparently implied it”

I have not implied anything

the other guy’s going about attacking her with a question that is already answered lol

^^

you saying this literally sounds like you have everything you need to use it

is all im saying

yes, and I agree with you

yet you still take things out of context

BECAUSE

right UNDER this

I type the following

.

That was my message right under

so I have no idea what’s your reason for taking things so blatantly out of context

whether to defame cuz you’re bored or to spark some things up

I’m not wasting my time more on this anyway

which can also imply that said "source" you're talking about could be either backend infra or samples

have a nice day

idrc im just saying what you said in the way you said it made it sound like you have shit that you dont

hello i was looking for help i saw one of the last videos that talked about iphone security and how to check it through the phone app using codes when i used the 61 code the first option was enabled and when i tried to disable all it said there was an unexpected error what should i do

Is asking to be paid in bitcoins normal for a hacker?

usually crypto is preferred when it comes to underground sellers yeah

though if you're looking to "rent a hacker" or something, chances are its just a scam

True

What’s underground seller?

cybercriminals who sell malware, fake phishing pages, databases, etc

Oh oh

That’s not great

So for a job at an organisation crypto is weird?

uh, yeah usually lol

Thanks

"Hi, I am the new information security officer, and I have full confidence in my capabilities. I also would like to be paid in bitccoins" 😄

somehow i got my number leaked on a server what precautions can i take rn? they are signing up to apps and im getting tons of otps any suggestions/advice

change ur number

eject your sim , take 100 grams of gunpowder , put you sim inside a pich with gunpowder , take 1 liter of oil , burn the bag and spill whole oil on it

problem solved

Question about Kerberos, after you send a requested and id to the server, and it sends a respond that is encrypted with TGS, but the client doesn't have a key to decrypt it, then how is the client be able to read the message

the TGT doesnt need to be decrypted by the client

the AS wll include a session key which is encrypted with the clients own key derived from their password, thats what lets the client continue

Hello greetings everyone

👋

but the second process it sends a ID of service request with it

i don't understand why it sends the same thing twice and it's only used for two times

its not sending the same thing twice, its that the TGT is a reusable token, the TGS will just forward a fresh authenticator, which prevents replay attacks

so the message that doesn't need to be decrypted is only used to be authenticated by the server?

but it kooks like the client sends the whole thing back without doing anything to it how can this help with authentication

yes

the ticket itself proves auth, and the authenticator proves the client is active and holds that session key

so does it means that i need both of it in order to pass the process

yes both parts are required

can i do the same thing that is use to cheat NTLM, by just hijacking the two message and send it to the server

i was thinking this, because if the process only verify the result isn't it pretty mush the same thing as NTLM

kerberos is designed to prevent this by using its authenticator, its session keys are used only once per ticket request, and the fact that tickets expire

the authenticator for kerberos uses timestamps so, that wouldnt work in a replay attack

no because of the authenticator

but if i hijack the message with timestamp wouldn't it work? or that's simply not how it works

I am trying to make exploits for spesific CVEs , but I cannot find the exploitation details just a brief description which is barely usable, where can I find exploitation details

gotta search for it the right way, eventually you'll come across a PoC

what's the cve for if you don't mind me asking?

ctf?

Oh wait, because when you hijack it the time stamp will expose you so it wont work

thanks man

Tomcat RCE

CVE-2024-50379

are you exploiting in a ctf or?

lab?

room?

box name maybe?

No I'm just making CVE exploits to upgrade my skills

the cves are already made

Find a reliable exploit for this CVE in python

You probably can't

me who just found one

In python?

by a simple google query

yeah

a github withi t

Gimme a sec

cve = common vulnerabilities and exposures

Oh yeah didn't check that one

I know what cve means

However not every CVE has a poc

yeah just clarifying these stuff are known
you said you wanted to make a cve

it's different

No

you're right

I said i wanted to make an exploit for cve

ohh kk

I struggled with latest CVEs so I assumed it didn't have one either

Thanks for the help

even latest cves can have PoC's

just gotta search a bit more

i am using duckduckgo as my search engine btw

i find it to work better when i search for stuff like that

Yes but CVEs that came out days ago usually don't I get the point tho

a lot of the time, you wont find those details as they are commonly not disclosed

most you could do is download Tomcat versions before the patch occured, then after the patch occured, and diff the two files to see what was changed

Guys how to hack lucky patcher ?

elaborate cuz this question makes no sense

lucky patcher in and of itself is a sort of cheat, allows you to get multiple gems/bucks etc in mobile games

so what do you mean you want to "hack" it

It was a joke

hilarious

Yep I'm trying to avoid that and that's exactly the problem I'm facing I was wondering if any of you knows somewhere where such details are exposed

no, it doesnt exist

those types of details are usually found by patch differs who reverse engineer the patches to find a way to make an exploit

then sometimes release a Proof of Concept exploit

PoC is usually only released after a patch i believe(though not everyone would follow the rules)

it depends on the exploit though, if its an exploit for something that nobody seems to use, theres not going to be much interest for it

and therefore not much research done into the actual patch and going even further, making an exploit for it

I see

however if its something interesting that can affect lots of devices, or perhaps many company networks use it, etc etc, then it will have more research done and potentially more POCs

That means I'd need to spend like a whole day trying to make an exploit?

you'd probably spend more like a week just reverse engineering the patches

If your plan is to make exploits, then yes, you would be the one making the exploits(instead of just taking other people's)

potentially more depending on the complexity of the exploit/patch itself

then after you understand why the patch was implemented, and how it was implemented, and you understand the root cause of the vulnerability, then you can start to think about how you'd write an exploit for it

Seems tough but thanks for the analytical explanation

it is tough, zero day/one day engineering is extremely complex and requires extensive experience in other areas such as reverse engineering and binary exploitation

I thought a zero day was an exploit of an undiscovered CVE , that'd be refering to a one day I suppose

a zero day is an exploit of a non discovered vulnerability/CVE yes

a one day would be an exploit that is created after a patch, usually through patch diffing as i mentioned

and finding one days is obviously a lot easier since usually patches are narrowed down to a few functions which get modified so the vulnerability is patched

however zero days you are going in blind completely

What about a CVE that has not been patched but it has been found and there's no public exploit for it

thats disclosed

but unexploited

there is no specific "day" name for that

Alright

Ya all the "days" refer to is days to patch

does Redis has a build in nmap filter or it's just the owner's decision

for some reason using /nmap -sV <ping>/ only result in all port is ignored

I’ve learnt everything until the part where you learn about URLs and HTTPS

Is there rooms on THM or HTB where I can see how certain pentesting tools work in a contained environment?

Hydra room

nmap room

introduction to metasploit

burpsuite

Thank you

Are u in the ctf team or r u too busy to join?

most rooms in THM or HTB will have you practically using the tools related to the room

Yeah thats true I was just wondering thr specific rooms that a beginner like me could see how the process of using the tools looked like

check out the junior pentester path

Hi everyone i have a basic question can two devices have same ip address at the same time ?

for public IP addresses, no

for private IP addresses, yeah

Bro can you define answer please

though special cases like NAT will make it so that many devices inside a local network will share one public IP but each have unique private IP

if there were two devices on the same local network witht he same private IP, that will result in an IP conflict, though across different networks, NAT, Anycast, etc, it can work fine

though again for public IP addresses on the open internet, no, two devices cannot use the same public IP address

You can SNAT from LAN to LAN as well. Not only exclusive to WAN(But that is where it is commonly used)

small question, how can i detect honeypots on onion? i'm searching for some legit hacking stuff

any "legit" hacking stuff on tor is just going to be straight garbage

ur not gonna find some super secret and new hacking techniques that allow u to press 1 button and hack anything

a friend of mine said discord hackers ain't shit, last resort to learn something

it just simply doesnt exist, the clearweb would be better for finding resources on the different subjects within hacking

they arent really, mostly just com kids who think they know shit

got a point

though you seem to be ignoring the fact that real researchers are out here on the net doing real and proper research into new techniques

see DEFCON talks, BlackHat talks, etc etc

but still, how does one detect honeypots? nobody wants to be caught by the feds

thats kinda the whole point of a honeypot you're not going to be able to detect it

so how do people know some already?

primarily because there is usually nothing about a webserver or site that indicates its a honeypot, what indicates its a honeypot is who owns the site, which isnt exactly easy to figure out

and how do i know that the first websites that pop up when i search something the feds put honeypots into aren't honeypots?

talk within the scene, past experiences, sometimes OPSEC mistakes are made

again, you dont

yeah i figured it out while i was typing

thats the point of a honeypot, it is made to catch criminals

what "hacking stuff" are you looking for on the onion anyways

i wanna create malware

seems fun

you'll find barely any resources about that on the onion

not to mention before even "creating" your first malware you should know how to write code in the first place

Python, C, C++, etc, whatever you want to go with

i'm trash at all

i m cooked