#👥・help-me

check the ftp server

ftp.soulmate.htb

http://ftp.soulmate.htb

@patent gazelle

Nope not loading

you added in /etc/hosts?

Yes

its your first ctf machine?

No websites of any machine not loading not my first

lol

Sudden now website is loading I connect to htb support

Not loading

can you curl?

hi

Yes

whats your error code in browser? if you can curl then you can access it via http, port 80

can you even ffuf?

only in browser its wont work?

or gobuster or dirbuster or whatever you use, i prefer ffuf

I just got my sec+ so im basically an infant, but I'm trying to get my first tech job and wanted to ask for advice in here

what

There is precious little we can do in terms of general help - if you have specific questions, maybe ask those

You got at least a pos you want?

Heyy guys anyone familiar With CORS vulnerabilities ? Need some Help

I need to start with entry level help desk or SOC tier 1 maybe. I have sec+ but no job exp yet. I'm thinking VM home labs plus documentation could help me get interviews? any recommendations?

Most companies want actual experience, but some actually hire without any for soc, so
For soc you gotta learn everything about monitoring, logs, reports.

I dont think soc without specific experience/certifiation is really a thing anymore

Working as a SOC is so fun. We are all cooked.

Our reputation is going down if we can't stop attacks 😔

just flip the graph

ez problem solved

This year was insane with ransomware incidents

I am so glad we don't get those anymore

You know the entry points in our cases?
Devices that are not onboarded so we are basically blind.

Whenever I ask clients with a MDR solution if their contract partner has ever contacted them about anything, they say "no"

Always wanted to kick the bucket in that network and see if someone wakes up

Well whoever made the decision to allow those on the network made a mistake.

Right? I was complaining about that for years until we switched.

By now I consider those external SOCs essentially a scam

a bunch of them

Sophos is a scam straight up

Not all SOCs are bad but most of them are.

Some of them actually do their job

I also had to work with other SOCs and there is sometime a huge gap in knowledge and how they view certain incidents.

I think we will see a shift how SOC are going to operate.

I had to work with a company that did pentesting, and oh my. I can only assume their Techs just got a bunch of certs and got hired. I feel like companies like those will eventually fall apart

I assure you they won't

There is a larger market for clients that want a pentest purely for compliance reasons and are a-o-kay with rubberstamping

If you do literally a worse and more incorrect job than chatGPT in its current form, then I don't see why not.

Same with SOC.

Just hire for compliance

Ew >.>

When I started out as a consultant for a small company which prided itself on delivering good work, I was totally shocked how little is actually expected by clients

Consultant and sales are funny people. Selling services that don't even exist in our portfolio and we have to make it work magically

My old boss did that once.. promised a client that I'd be able to do something that we were 100% totally not capable of.. had to talk him out of it

then fix records and documentation to indicate it HAS been working and was totally correct the whole time (heh-heh)

does anyone know any collections of n-days/writeups?

Hey guys I want a new laptop for Christmas specifically one for cybersecurity and what not any recommendations thank yall

"For cybersecurity" is not really a defined requirement.. what specifically do you want it to do?

lol idk much about computers or anything I had a school laptop but not anymore so I want one for Christmas

not a huge gamer but I’m learning cyber and stuff just whatever can handle that yk

practically any laptop that has good linux support can do the job, unless you have specific requirements

Usually people end up buying any thinkpad within their budget

Thinkpad okay thank you

thank you for your help btw

Does anyone wanna learn c++ with me ??.I don't think I can do this alone

Lul, how do you see this field? Is AI taking it over? or what is the human-AI ratio now?

yeh

Fr ?

yes

I only view AI as a support tool that do incidents that are 99.9999% benign.

Confused about this!!
I am 3rd year b.tech atm I am doing ML projects

What should I do ?
Learn cybersecurity ( got interest in it(as of now and what tryhackme I ve done)

Or

Learn JAVA/MERN(I ve learned then but never coded too much soo) And go for SWE job
or idkkk 😭

Then won't there be layoffs at the companies?

I don't know. Maybe, maybe not. That's all the decision of the higher ups.

One message removed from a suspended account.

Have you tried the authorities?

Is there any reliable AI platform that can code for me

Specifically python

Basic stuff? Ask gpt

Don't rely on Ai for anything else though

why not?

Ai is not a magician

It makes mistakes

word

Can someone explain to me if there is any significance to ‘roles’? What the hell is that about?

Mostly there is no relevance. Though moderation roles exist.

nope, none

only you yourself and you

Governance, Risk & Compliance how important are those for a cybersecurity career, starting point, to learn and getting in the field :)?

Depends on your career

Cybersecurity is a wide field

From a starting point

starting point for what specific goal in cybersecurity?

Learning and getting in the field*

you are way too vague.. again - its a wide field. Wanna be CISO? Very important. Wanna be SOC analyist? Not that much

Yet I feel like everyone would benefit with this knowledge in the field

GRC decides the meaning of security; SOC decides the means of enforcing it

If you say so

with that approach I might also suggest getting an MBA

I feel like we should be talking more about rolls. Bread. Bread is delicious.

I....
So the question isn’t whether SOC analysts should become managers... but whether understanding governance and risk structures makes operational practitioners better at their job. From a systems and academic perspective, the answer is yes

This knowledge overlaps only marginally with an MBA. It actually belongs to security governance, audit, and risk disciplines—areas that are largely absent from standard MBA curricula

oh that’s a good answer. Nicely put

I hope this is an appropriate place for this: I'm reaching out to this amazing community in hopes of finding someone with a passion for digital forensics or cybersecurity analysis who may be willing to assist me on a voluntary basis. I believe my ASUS ROG Zephyrus Duo 16 (GX650PY) laptop may have been compromised in a very deliberate and suspicious way.

Here's the situation:

I’ve discovered several unusual behaviors, suspicious logs, and unexpected system changes in the past few days.

I suspect some form of remote access, injection, or manipulation, possibly initiated during a live support session (yes, I know, red flag in hindsight).

There were weird file transfers, background activity, and I’ve documented strange indicators that just don’t feel right.

I disconnected the system from the internet immediately once I realized something was off and I haven’t reconnected it since, it’s in a forensics-ready state now.

I can’t afford a professional right now, but this is serious enough that I don’t want to let it go unchecked. If someone with skills in malware analysis, incident response, or low-level system inspection is up for a challenge, I’d be incredibly grateful.

What I Can Provide:

Full context of what happened.

Access to logs, timestamps, screenshots, memory dumps, or other data you might need.

I’ve already pulled some forensic artifacts (reg hives, SMBIOS dump, ACPI power config, vBIOS, etc.).

Willing to follow your lead, this is a learning journey for me too, and I’ll document it if it helps others avoid what I’ve gone through.

Looking for someone who:

Enjoys deep-diving into potential security incidents.

Has experience with reverse engineering, threat hunting, memory analysis, or UEFI/rootkit detection.

Is okay doing this pro bono (though I’ll shout your name from the rooftops and feature you in future writeups if you're open to it).

If you're curious or willing to dig into this mystery with me, shoot me a DM and I’ll fill you in on everything I’ve got. This isn’t just paranoia, there’s real evidence of tampering, and I could really use a digital ally right now.

Thanks in advance to anyone even considering it

very interesting request, however what are you trying to conclude or achieve with this investigaition?

Holy tldr

I'm trying to find out if anything was injected or if there's anything I should be concerned about. I currently have legal claims against the company I suspect to be responsible. Something is very much going on with my unit, but right before said chat support interaction, there was a windows update, so I'm really not sure what caused the strange behaviors I'm seeing with my unit, but I'd really like to know for sure

@unreal flume said @deft violet . ASUS ROG Zephyrus Duo 16.
observed unusual system behavior and logs suggesting possible unauthorized access, potentially during a past live support session. The laptop was immediately taken offline and is now in a forensics-ready state.

can provide full context, logs, timestamps, screenshots, memory dumps, and collected artifacts (registry hives, SMBIOS, ACPI, vBIOS, etc.). This is also a learning exercise, and I’m happy to document the process.

If you’re interested in helping pro bono

what software used in the support session?

Hello guys, i have a question. Is virtual machine + proxychains + mac spoofing recomended to stay anonymous? Or is there a better way?

@unreal flume

I was asked to send a photo "for reference" however upon clicking the photo to send, that's not what actually sent. An event.txt file sent

When I clicked the file after it sent everything from my downloads folder came up and started what appeared to be, fast loading in the windows, i tried to snap a screenshot but my screenshot apps wouldn't work, so I immediately disconnected from the internet

The company in question is the manufacturer so who knows what access they have that would have allowed it to happen.. 😒😩

question to be asked, staying anonymous from who?

This doesn't answer question what software was used

I mean some kind of RMM I imagine, I’m just curious what

None that i know of. A web browser, my apologies

Hi everyone, I'm new to programming. I basicaly want to build some kind of encrypted email program with a few extra steps. Somebody got an idea on how to start? So far I started learning python and the Linux shell. But I'm still a full noob so every recommedations and tips are welcome.

I'd suggest you try to firstly write a small Python script that takes a message -> encrypts it -> decrypts it; after that, connect it to email, encrypt the text before sending -> decrypt it after receiving; for Python you can use libraries like cryptography or GPG (link https://medium.com/@mellomaths/pgp-encryption-with-python-d778c9fe1fd9)

Heya! Anyone have any feedback or personal reviews on the THM Security Analyst pathway? It looks very beneficial to learning the basics of being a SOC analyst and maybe even give some understanding of what it's like to be a SOC analyst. I went to WGU for cybersecurity (didn't finish - made it 65% of the way thru the BS program) and it didn't feel like there was any hands-on SOC work to help understand what it would be like to actually work in cyber (maybe there is hands-on stuff in the 35% I didn't do). I was just hoping for some perspective and insight from pros who have been working in a SOC for some time AND who have done the THM Security Analyst stuff

Thank you! I'm about to get started and I'm really looking forward to it, but it's a long run. Roughly 120 hours, I think. I'm stoked to learn!

Thm soc analyst path is " ALRIGHT"

Nothing crazy

If u wanna do soc

Learn on letsdefend

I would LOVE to do SOC. I don't know if I will ever get even so much as an interview for a L1 Analyst role though. I've been studying cyber and doing hands on stuff (Josh Madakor's SOC program) for 2 years, submitted ~2,300 resumes for soc roles, and received zero calls. I've even had several cyber pros (including an engineer and a CISO) review my resume to make sure it's not the resume, and they all say it's great and should be getting me some responses. So I'm left to believe the job market is a bit rough the last couple years.

I'll check out Letsdefend! Thank you for the rec

@hushed cobalt As a SOC analyst, I can tell you that GRC is very important. Being a SOC analyst involves a lot of, well, analysis which in turn involves a lot of decision-making. A lot of that decision-making process is rooted in governance, risk, and compliance. There are also people who ONLY work in GRC (which you probably already know) and they do things like third-party assessments and draft policies surrounding information security for the whole org. Yes, a CISO would have their hand in that as well but by and large they would be delegating the work and serve as the liaison to the other members of C-suite. Pentesters need to know about GRC as well so that they can understand the significance/sensitivity of any compromised data and so they can communicate the gravity of such a compromise to their clients. In any case, rest assured, you are right. GRC is important for every cyber career field.

For pentesting what do i learn first

@plain arch Network and Website basics

I learn languages before or after?

I'd say during

Like just do a little bit of coding every day

Let the networking and website knowledge you get guide your code

Anyone here who has won a hackathon ( code an app according to a irl problem )
Need some tips if you hv

I’ve been trying to log in to my old Facebook account that I had back in 2018. All I have is the email address. Anyone with tips on how to open it

I have given you the way in #💬・old-gen-chat

Already tried reporting to Facebook but it keeps telling me to login from the phone I had logged in from. Sorry if my question sounds weird, I’m a beginner and I’m really just trying to get my account back

Answer stays the same. If facebook support methods can't help you, then neiter are we going to

Networking: netacad is good platform (THM and HTB Academy)
Programming:

• Scripting: Python, Ruby, Go (sololearn, codedex, freecodecamp, etc)
• Web exploitation: JavaScript, PHP, ASPX, SQL (portswigger)
• Binary Exploitation: C, C++, Assembly, Rust (pwn college)
  Learn any or all above langs as per requirement
  OSes: Windows (especially powershell), Linux (especially bash)
  After covering fundamentals: Tryhackme, Hackthebox, similar platforms for hands on

Hi Eric, quick question 🙂 Do you think the IdeaPad 5 with an Intel® Core™ Ultra 7 255U processor would be good for someone just starting in cybersecurity? Thanks! And if you have any suggestions, I’d really appreciate it.

do i NEED C, C++, Assembly, Rust

For Binary exploitation (A part of offensive security) yes
Well it is kinda advance field, so as a beginner I would say no

Whats with "Eric"?
Same answer as before, think about what you need a laptop to actually do, before you look what model to consider. Then figure out if people experience problems installing linux on it.
If you are unsure, look for models that could be upgraded later on. If you can't make up your mind, then just buy a cheap refurbished one to save money for when you actually know what you neet

"Just get any thinkpad within your budget" comes when you really can't make up your mind

Bro read Eris as Eric 😆

any tips for assembly c++ and c?

that never happened in years, and in the last week 4 people did it

Yes, do not start there if you are uncomfortable, start with something easier
Also on how to learn them, there are sites like sololearn and codeacademy to learn them and when you do, make sure to actually understand it, especially C!
No need to go deep in assembly, C, or C++.... Even I don't know few stuff, but atleast a understanding is required

like i need to know how to program? in those languanges

Well as a beginner no, but there are few fields like malware development and exploit development where coding is involved
But for now I would say try to understand them, no need to dive deep

Oh sorry for the mistake, Eris2cats 🙂 I’ll be starting my studies next term, mainly for VMs and coding. That’s all I know for now. I was thinking that if I buy a new laptop, it should be able to handle running Linux VMs long term.

Whats you budget, and are refurbished machines an option where you live?

I found an open-box option at Best Buy: an ASUS Vivobook 16" laptop in Indie Black (Intel Core i7-1355U, 16GB RAM, 1TB SSD, Windows 11) for $629.97.What do you think?

I think you did not answer my question

#💻・setup-and-rice message that's my current machine - bought it refurbished, upped ram and storage

Hi

~ 800 EUR

Ahh got it, thanks for explaining 🙂 That makes sense. Your setup looks solid, especially running Kali and an emulator on a refurbished machine. I’m just starting next term and I’ll mainly be using Linux VMs and coding, so I want something reliable that can handle that long term. Based on your experience, do you think 16GB RAM is enough to start, or would you recommend planning for an upgrade later?

I have several laptops and none of them have less than 32 GB - you could make do with 16 I guess, but again.. you NEED to think about what you want that laptop of yours to be capable of, before you can answer whether a machine is enough for it.
You want a Kali attack machine, and a domain controller and maybe 1-2 domain machines emulated? Then 16 maybe not enough.
You want to be "capable" to do it? Then look for machines that allow you to update the ram and have enough threads to pull it off.

That makes sense, thanks for clarifying. I’m just starting, so I’ll probably begin with simpler labs, but I do want the option to grow into more complex setups later. I’ll make sure whatever I buy allows RAM upgrades and has enough threads to scale. Appreciate the advice.

Im a bit late, but you'd be surprised what you can get away with on limited hardware. I started on a laptop with the screen ripped off and a monitor from the 90s I bought off my friend for 20 bucks. Just focus on the learning and you'll find what you need eventually 💪

The majority of tasks have very low requirements, its true

Lol this is almost impossible

It is possible i said almost impossible
Phones are the most secure os out there and the tools and software available needs alot of social engineering

i might be a noob but why I'm not able to send GIFS in here 😄 ?

Dig in and learn about real mode,it will teach you about how cpu works

Zeroday vulnerability?

image permissions are tied to the rank you have on this server. Image links at 10 levels, uploading images at rank 25

ahh okay, i was figuring it's something like that . Thanks

Hello Everyone, i am Data Analyst opned to learn AI Automations ( Power Automate and N8N ) would appeciate any help i can get

you dont need an RTX 4070 and a gaming mouse for cybersec like in the movies

just make sure it can run a vm

and mint linux

Hello everyone, I am a very beginner and I need some guidance regarding this IT field, especially networking, cybersecurity, cloud security, DEV Ops, I need a proper roadmap where to start and what are the opportunities available. I am currently a noob, absolute zero in knowledge, but I have this passion of pushing myself up towards this field, someone please can you help me out, and provide me some guidance, you can dm me or let me know here itself wherever you can, and it will be a great honour to learn from experts like you all. Have a great day ahead

#👥・new-member-guide
#📜・certs-and-career
#🛠️resources-tools
This should give you an idea about it

Curated learning paths are usually tied to paid material and support

Hi Reaper can i suggest you to check for the site of Cisco if you are a beginner,they have something call Skillsforall,it is totaly free and it will give you a roadmap to build a good foundation

they have a broad range of different topics

If any of you are interested in some sites where you can build your own lab without having to buy the equipment for it like routers and switches ,let me knoz

go check this https://www.netacad.com/

I have the same issue, but mine is Snapchat. The person has access to the account and has changed the email address. So what I see when I log in with a different method is a hushed email address.

Same answer

No one here is looking to become an accessory when people 'believe' it is their account, when in reality it is the service providers data and infrastructure

Hey everyone, I did a quick security check on a web infrastructure and here’s what I found:
• Critical: Public debug file exposing server configuration and paths, potential RCE.
• High: Backup directory accessible without restrictions, risking database backups.
• Medium: Missing security headers, allowing clickjacking.
• Low: Some files reveal software versions.

Do you think this would be enough for a reconnaissance report and an initial assessment?

You sure about the findings?

If you are assured

so uhhh how do i change my super key?

well the appearance.

G-NOME

Plus i deleted two boot entries in the nvram, but still no boot 😄

Anyone could, help. even Eris, knowing u got the brains to these things

I'd start with describing in more detail the 2nd question

oh.. how do i fix my boot entry... Boot 0002 is Zorin, while the others which is in The NVRAM is Windows Boot Manager, Garuda which i deleted. Yet it still doesnt boot, Btw theres no help in the bios. So i cant change what it should boot into inside bios...

I used efimgrboot -o 0002.. didnt work...

The OS Boot Manager is still there. Oh and its a HP laptop

So im stuck with F9(boot options) every time i switch the laptop on

but its cool, il rock with it

i need help to track a cellphone number, he is trying to scam me

Go to the police

Hello, im currently running an OpenMediaVault server through Proxmox and i wanted to ask if there are some practices i could do before installing anything or doing any portforwarding to make both the VPN server and my Hypervisor more secure and less likely to get infected or hacked, I only know the basics of linux so if you happen to stumble on to this help request assume i know nothing, thank you so much for and thank you for the support!

well depends, what are you running it for?

objective? usage?

Remote access to friends

Give them some of the spare storage I have

I'm also doing this for educational purposes because I'm a junior in networking

im thinking of installing a custom rom onto my Galaxy Tab A9, ive yet to decide which one to go for but i feel like pixel experience would be a good choice, can someone maybe walk me through the steps just so i dont f up

use ssh keys and not passes, update all packages, don’t port forward

use separate networks per user

don’t give them more access than they need

and attempt to not modify services that may be used as privilege escalation/ exploitation vectors

more particularly all of the ones listed here https://gtfobins.github.io

oh and fail2ban though that’s irrelevant if u use ssh keys

I will need more explanation on that one

That I have done

I will have to port forward to allow the wireguard L4 port

Don't trust any one with your income work hard for what you want

This sounds super sketch but I have a friend who’s reached out to me as she’s forgotten her email password. She knows I’m into pen testing and asked if I could essentially figure out her password or get into her email.

She’s forgotten the password to the main email address and the back up one.

I’ve just started some enumeration and can’t see to much online regarding leaked bases. Also breach directory is down which is annoying.

Any recommendations to how I can further enumerate / get a foothold ?

Otherwise I’m going to have to make a word list and just brute force ?

You are not going to brute force shit here

Yeah I feel like I’m up against a loosing battle here

I’m doing OSINT but finding it hard to come across some decent websites to get leaked hashes

dudessss

when flashing twrp

do i just use the vbmeta file extracted from the official firmware?

if im downloading apk file on LD player mobile emulator my actual pc get affect with malware

Proper host isolation is it's own topic

wdym

where do you fail to understand what I said

yeah no

osint won’t have much

passwords are always hashed

and bruteforcing will take thousands of years and many ips

you’ll get banned on many ips

js contact support

there’s not really any good legal way to do it

or even an illegal one either

I’ve contacted support and also went through their motions they are unable to assist. Might be a case that the emails lost.

Poor password management on her behalf tbf back up email is her partner who is no longer with us.

The old passwords she used were pretty awful

ijust need explantion im simple user

avg guy

who plays vg

You told us that downloading stuff in your emulator has actually infected your PC, right? Well, isolating an emulated environment from the PC is something that needs to be cared for. IT does not care if you are "just a simple user". If you dont know what you are doing, you suffer consequences

This does not get easier just cause you don't know about it.

Dang, I could use some cash for Christmas.

I need help on setting up Kali Linux on my Dell latitude e7450

Give us the details. Did you follow the OFFICIAL installation guide?

It's not a difficult question..

yeah, I follow a tutorial on YouTube, but I if i could get another one I could try using it instead

So no. You did not follow the official guide

Which tool did you use to write onto the install medium

Rufus especially is known to break the installer, for instance

What steps did you already take?

Hello guyss, I was going through MDI's documentation, which is like 600+ pages (I'm only going through the pages where alerts are mentioned, i.e which kind of interaction might generate what alert) and making a cheatsheet like this, writing down all the alerts and logs to better understand its behaviour, for evasion and a bit of red-team mentality. Is this a good approach, or should I do a course focused on evasion and red-teaming? I am planning to do CRTO in some time tho.

I'm making a cheatsheet in the following format:

| XDR Alert Name | description | Detector ID | External ID | Possible attacks | Updates | MITRE ATT&CK

:)

Wait there is an MDI documentation?

Yea, and and its massive lol, it include other related products too tho

Don't, it has not been maintained for years

In my opinion MDI alerts are pretty self explanatory based on the alert name. But you might have to look into KQL query to find out what the exact reason cause the detection.

No, it's basically a virtual environment

I downloaded Virtual Box, Kali Linux, 7-zip kali Linux extension, some kali Linux - iso file, I extracted the 7-zip file to Virtual Box, created a Machine and started graphical Installation, but it kept breaking along the line

I downloaded Virtual Box, Kali Linux, 7-zip kali Linux extension, some kali Linux - iso file, I extracted the 7-zip file to Virtual Box, created a Machine and started graphical Installation, but it kept breaking along the line

LDAP alerts are a mess because you don't see which process executed it sometime

Because the following:

1. Website isn't dumped
2. Hashes aren't crackable, they take years

you will only get hashes through leaked dbs

But you could use KQL filter and search for DeviceNetworkConnection and filter based on a few LDAP port

I'm moving from penetration testing to kind of red-teaming so i was doing it to get an idea which attacks, or enum commands, etc get alert

Would have been great to tell us right away that this is a VM installation. Whats the host operating system?

like they teach in CRTP

In my experience, most attackers I had to deal with were the ones that found a devices that were not onboarded in Defender XDR.

So you were basically blind

none, just made it up I used my username here

If you are unclear about what it means, I'd really suggest not to use it. Why blackarch anyway?

The only thing you notice something strange is going on is either when a honey token is being queried or a DC sync is happening from an unknown device

So virtualbox.. but no host operating system to run virtualbox on?

Did u know sysmon Event ID 1 and PowerShell event ID 1 are not the same

Spooky stuff

So what should I do

I beg customers to enable Powershell script block logging

But they complain that the hard drive is getting full too quickly

How do u beg could u demonstrate

No, I don't get you. But if "boredom" is your motivation, then do what you want

Pleeeeeease turn on PowerShell script block logging so I can figure out why alert xyz happend

😂

go to kali.org, look for the official install guides. Follow them to the letter

that means I won't have windows anymore

I'd be using Linux as my os then

Entirely up to you

what if I try vm ware

Same answer

There are install guides for virtually every variant

I definitely wanna see what vm ware looks like

As I said, entirely up to you

good for our fellow pentesters :)

Honestly just compromise the AD CS some customer forget the install the MDI sensor on it.

And you also get DA if a certificate template is vulnerable

don’t

it’s deffo a bit less safer

just use vbox

I am so tired of being for vpns and process so please I need help on how to get a free proxy to use for my daily activities any recommendations please?

If "free vpn services" were great, they wouldn't be sustainable

okayyy, this was new
lessons from real-world engagments are my fav :)

We gave up in the end, there were a few data breaches on the email she gave me, but all her back up emails were redundant and passwords also forgotten. I’ve told her to just set up a new email and use a password manager, to avoid forgetting all her passwords. Appreciate everyone’s assistance though thank you. 🙏

If you want convenience and don’t want to have to set up proxy chains each time, then just bite the bullet and pay for a decent VPN like mulvad. My opinion anyways.

ty sorry for late response tho

Hello everyone ! I’m very new to this cybersecurity and related space so I apologize if I don’t know all the terms and such🥲
I just recently started my studies (currently doing THM Pre-Security). I’m interested in becoming a SOC analyst so I thought I’d come here and ask the professionals with experience for any tips/ suggestions that could help me through this path. Through the research I’ve done I’ve seen people mention A+, Security+ and Network+ certs are very good to have but are there any other certs that could help as well?

Thank you in advance

protonvpn is free and although slow, still decent

in terms of proxies most free proxies will yoink ur data

and are no better than vpns

atleast most

#📜・certs-and-career is pretty up to date

dont get a+, very beginner and unnecesary

s+ and n+ is nice, i have both

Wouldn’t that be beneficial for me though as a beginner? Or is the pay off not worth it even at this stage?

skills over certs

any time

work on getting better

not hunting certs

gg

#📜・rules

Can noticably slower phone charging be a sign of device penetration?

gotcha 🫡 will keep that in mind

Thank you!

ofc !

sure !

I've been suspecting it a lot today as i noticed some unusual stuff happening (Telegram login attempt, Gemini assistant popping up randomly and the slower charging i mentioned)

im just concerned about what i can do

factory reset

You think it's called for in this scenario?

anytime you suspect you have gotten infected

you factory reset

malware can be persistent, malware can replicate

relying on antivirus alone and ifnding it detect something and get rid of something is not reliable

the malware can still easily be metamorphic, polymorphic, could have changed, mutataed

anything is possible

some malware can stay after factory resets (like the ones im trynna break my head with while developing and makes me wanna kms) but its very very very rare

Alright

Thanks a lot for your time

and for the info

definitely helped

no worries !

Thank you very much. I'll try that then

I think my iphone 16 is being hacked by someone could anyone gelp me give me some knowledge

As well as my chatgpt is being hacked how would i confirm this maybe trace it back

yo

guys what do u thing is the right way to hope on web security , is it CTFs or pentesting ?

Can I ask my friend to get me a flipper zero from us will there be any custom issue

Well
Pentesting means a simulated cyberattack where a security professional tries to find vulnerabilities and exploit them
CTFs do contain pentesting but they are gamified version

I would say learn pentesting, because most of the beginners start with CTFs and they get disappointed because they cannot get any flags. There fundamentals aren’t clear

CTF is just a practice ground, but for that you must know what you’re doing. It is like CSGO, but to play it you must know what are different guns, which gun to use when, where are the enemies found mostly etc etc

So start by clearing fundamentals, pentesting and then CTF as a later thing. For web security, start at portswigger and learning fundamentals about web

thank you❤️

i need help guys

i have forgotten my phones password because of that, i cant turn the phone off. cant someone tell me how to flash the password without offing the phone. and the phone is samsung s7

That comes under authentication bypass and we don’t provide help with that. Make sure to review #📜・rules

gg

unfortunate

sorry i had no idea

Great advice, thanks 🙏🏾

nerd

😂 lol

MF

Can anyone gift me nitro membership

Guys please can anyone help me with link to a free course or resource online for software testing that can carry me from zero to a job ready tester?? 🙏🙏🙏🙏🙏

How can I upload a pic I want advice on how to reduce my mother's surgery bill ???

Hi everyone. Can anyone help me with a crypto mining site or app that gives you real cash and not small percentages or small chunks.

I need someone's help in getting some money refunded from these corporate devils

Can someone plz provide any insights?

I really don't think that this cybersecurity server is the right place to ask for that

We collected some links
#👥・new-member-guide
#📜・certs-and-career
#🛠️resources-tools
#💕・free-resources

What exactly are you looking for here

A apps to mine crypto that I can live off of from month to month. And learning and maybe a online job.

Yeah my bad I was just asking in case anyone knows a thing or two sorry

There are many books to choose from when it comes to learning a specific aspect in cyebrsecurity. There are so many web application security books I found but I have no idea which one to pick as a beginner. How should I pick a book that best suits me as a beginner?

hi everyone
i want a help on two labs
both of them is "Hard"
its The Great Disappearing Act and Scheme Catcher on THM

Thank you

Love From Big Brother

Entering 2026, I want everyone here to encourage each other and work together.

For the first three months, focus on yourself.

Know exactly:
•how much money you make
•how much goes out
•how much you have left

This clarity matters because 2026 will be big for investments.

AI and tech are accelerating fast. Crypto, stocks, marketing—everything is shifting. Avoid meme companies and businesses built entirely on someone else’s infrastructure. If their system crashes, you crash. Learn how to build or support real infrastructure.

If you work in cybersecurity, tech, construction, admin, or any desk-based role—pay attention. AI is already replacing jobs. Most people will feel unsafe next year. Don’t wait. Study how AI is changing your industry and become the solution before someone else does.

Understand your habits and patterns. Be happy, but responsible. Treat yourself without guilt. Money is meant to move. When you’re clear and relaxed, opportunities come. This isn’t mysticism—it’s function.

Audit your circle. Strengthen family and close friendships. You’ll need them in the coming years as housing, currency, and work structures change. Stay around people in your age group who share your drive and energy. Avoid shallow connections. Be around people who challenge you and sharpen your thinking.

At a certain point, life isn’t about emotion—it’s about information. Take clarity from people, not their noise. Learn to filter value. This is about your life and where you’re going, not who you like.

Stop waiting for validation. Be your own parent. Be your own biggest supporter. Know you’re good at what you do because you live it, not because others clap. If you can’t handle the smoke, don’t chase the fire.

I love you all.
Thank you for being part of this Discord, supporting each other, and sharing knowledge.
And respect to everyone who found work and growth through this community.

Let’s move forward with clarity.

hey guys, is dsa necessary in this field?
also i am only good in python and java a little, do i need to learn c/c++?

Hey guys

I'm up with something

I need some advice

Today I hit up with something weird behaviour from my classmates whatsapp account

The attacker somehow got access to her WhatsApp
And he's trying to hack more by sending an apk and an image

So what I did was
I downloaded that apk and tried to check the threats in virustotal

And I found these threats inside that apk :

Trojan.Android.Banker

Spy.Banker

Trojan-Dropper

Riskware / Obfuscated APK

Now I'm trying to reverse engineer the apk and trying to find vulnerabilities that can lead me to the attacker
Or maybe something that can help me give an analysis of the threat behaviour on the innocent users

I'm all ears for any kind of advice

a malware analyst pls help me

what can i do with a MD5 and SHA256

its used to hash stuff like passwords

whose passwords

most services use it to check i ur password was correct without saving it

oh ok

do yk c++

a bit but not rell good why?

i decompiled the obfuscated malware on ghidra

and need help understanding what it does

ik its antivm

but i legit dont understand anything its saying cuz ive never worked with c++

sr cant help with that

alr

but good luck

thanks

Do anyone know if this system is good? https://noxsystems.com/ its called a high risk security system - like the should be no possible ways to get into the system

yea i cant its hard asf

sr i hope u get help her

i wanna be a malware analyst fr but i cant even use ghidra

u might need to start at more of a base level but idk i aint in this topic

Run it in a emulator and intercept web traffic with a proxy to get the attackers ip and maybe api credentials, gl

uhh a lot of?

depends

you don’t even need a malware analyst to tell you that

is it like a ctf

no a real malware

prolly accesing little kids webcams

i wouldnt be surprised

i jst needa find the webhook so i can delete it

and then they cant webcam kids and do all that other stuff

creepy asf

well i have it

i wanna do smth with it

There is a lot of context you are missing to be able to work with anything like this.
Additionally, using your abilities to track down another person or to cause computer/systems damage to someone else would be unethical. Dealing with an issue yourself instead of reporting it to the proper authorities would be vigilantism. We do not discuss vigilantism here as part of our #📜・rules.

If you want to learn reverse engineering, then grab some C/C++ materials and start learning.

understood but what can u do with sha256 and md5

Look up "Hashing Algorithms" and you will see what they are, and what they do.

thanks

wait so what if u use hashcat

does that dehash it

No, it attempts every option in a "dictionary" file, hashes it, and see if the results are the same.
The amount of combinations for sha-256 makes it pretty uncrackable.
However, hashing algorithms are used for more than just "password hashing", they are also used to determine if a file has been tampered with. These file hashes would be completely useless in hashcat as trying to "dictionary attack" a binary or similar file would I assume be harder than a string of text.

Only legacy applications would be using MD5 for password hashing at this point too.

Anything worth its salt + pepper would be using other ones

Hello, yesterday I left a message, a kind of request/help but I can't see the message now, I can't understand can anyone tell me why message is not being displayed here?

Does it break the #📜・rules ?

I don't know I am kinda new here

It was kinda long text me explaining my situation and the help I needed

@white aspen
I see this one

Oh yes this is it thankyou

Yeah, people recommended the same thing Null recommended above.

Buggy also recommended checking out https://www.netacad.com/

Sorry I am kinda noob in discord

Okay lemme check

Okay thankyou soo much

Thank you @scarlet thicket @woven anvil

can anyone explain to me what a "docker" is

i am lost

It's basically an isolated environment that runs some kind of application.

what is it used it?

in*

To deploy applications / services quickly

huh alright thank you

Honestly, you can just use google for that.

There are some tldrs that explain the concepts

it’s hella useful

terraform+docker

you know how you can use a virtual kali machine, to run a tool that is available in kali, but not windows?

yea

docker allows you to slim down the virtual machine that is necessary to run that tool.. so that the container essentially becomes just the service, to run that command

I can run kali as a docker container

so its a small virtual machine for testing

I don't get access to any of the gui tools though

You can run anything in a container

it "can" be very small, it does not need to be

oh okay thanks

and not only for testing

Anyone good at malware reversing?

instead of installing a webserver, and nextcloud, and whatever else you want.. people say "just use a docker container" that already includes that stuff

Doesn't have the flexibility of a virtual machine.
Virtual machine gives access to emulated hardware for an OS to run its own kernel and such on.

Docker Container gives a restricted area in the current environment to run said applications.

okay thanks

holy this server is helpful

Has anyone used ray hunter before?

Attended a workshop with one of their european contributors, why?

hello Guys can anyone help me with IMEI tracking, Someone stole my phone and the authorities wont help me so i gotta do this myself.

no
#📜・rules

then u don’t need to rev eng it

also sure it can have vmprotect but it’s not hard to simulate a pc more closely than just a vm

what the

did it just auto react

@near sable but sure i’ll take a look

Authorities wont help?that doesnt sound normal man

That phone is probably already somewhere being sold

They got a bunch of phones they are tracking but i have never seem any who got his back from my country i mean

Depending on what country you're from, it's quite normal

Honestly just lockdown the phone and get a new one

And also get a new SIM card and lock the old one

Not really

The government would care alot if enough information is provided to them

would they?

Yeah glad you somehow understand me, Thanks

I'm from the UK and over here, our police are terrible

They got the details but for them to do their job you will have to pay them roughly the same amount as you bought the phone

Am from Kenya which is in Africa and the police dont help that much

Honestly, low value goods like a phone are never going to be worth tracking down.

Im afraid thats your only option

I'm sorry but i beleive thats not the only option i have i will definately find a way to track it down.

The only thing you end up with is getting scammed by someone that claims that they can help you.

Yeah you would need more than the original price to even figure out who owns the phone now

Facts.

I know but i have to try what i can do rather than giving up on it.

so what i wanted is a clue on tools i can use so that i can dig in on it

Hey everyone, can someone help me with the partitions for a Linux dual boot setup?

what distro

Parrot OS

I have the hard drive for Linux and the SSD for Windows.

They took inspiration from 1984

"Kenya which is in Africa" is a wild statement ^^

There are no tools available to you, is what we are saying

This isn't a matter of "I believe I can do it", it is a matter of "If you have to ask, then we know you do not have access to any".

hi

i need help

everytime i try to install metasploit my laptop freaks out and wont let me install it like it keeps spamming "threats detected" and idk how to put it on a whitelist

windows user

anyone know if like need to actually remember the osi layers or its enough just to know their purpose? (feel like you can just for a sec to search it and in the time you just know it)

Why don't you run these hacking tools in a VM?

my virtualbox broke and couldnt run kali linux

like an error shows up

i tried fixxing it

but nothing happened

Try and fix that somehow

so i js gave up

Or use VMware

idk how to download vmware :P

im too dumb on tech

should i send u an ss on dms?

of the virtualbox error?

Just copy paste the error message

Failed to acquire the VirtualBox COM object.

The application will now terminate.

Document is empty.

Location: 'C:\Users\Administrator.VirtualBox\VirtualBox.xml', line 1 (0), column 1.

D:\tinderbox\win-rel\src\VBox\Main\src-server\VirtualBoxImpl.cpp[863] (long __cdecl VirtualBox::init(void)).

Result Code:E_FAIL (0x80004005)
Component:VirtualBoxWrap
Interface:IVirtualBox {2ce10519-3c09-45d8-a12d-e887786146b7}
Callee:IVirtualBoxClient {d2937a8e-cb8d-4382-90ba-b7da78a74573}

Are your running Virtual Box on an external hard drive?

no

ssd nvme

Did you try uninstalling and installing it again?

yep

repair it?

already did

No. Do a full uninstall.

yea i did

both

I'm not sure how you mange to brick that

uninstall and repairing

tbh, at first it was working fine but the next day it stopped working

Does the "D" drive exist when you open the explorer?

wdym

Good afternoon I need help my niece in Trinidad just called me crying saying a person hacked her iphone saying he have her pictures and he wants to leak it unfortunately im new to the IT hacking thing but I need this person to stop doing what he or she is doing how do I do it she went to the police in Trinidad but unfortunately they dont have the tech power as we do

Do you see the D drive?

Or do you onlly have the C?

yes

only C

Hmm from where does it take the D:\tinderbox\win-rel\src\VBox\Main\src-server\VirtualBoxImpl.cpp[863] (long __cdecl VirtualBox::init(void)). path?

https://www.youtube.com/watch?v=huOYt7ByOTA&t=8s

AHHHHHHHH

Now I get it

yes?

Follow the video

tell me broddie

alr

thx man

I remember that "issue" cause I also had it.

appreciate it

wait

when i typed the command now

it didnt work

it js gave me instructions

and not run the command

srry if im giving u too much work

you just have to copy paste the command

it says unrecognized command

sc config VBoxSDS start=demand

and open cmd as an administrator

and the sc command is definitely not unknown

WAIT

IT WORKED

yeah im dumb: confirmed

obviously

still the vm wont work

Yea you figure out the rest

Just use google to understand what the error is.

Or just switch to VMware

srry for annoyance

thx for trying to help tho

Hi @oak robin is being delusional again and says that I need proof that this server is a bot farm where you train these bots.

So is that true? 🙄 I stg my life is insane.

160k accounts, so all bets are open

whats the best coding agent for making Apps android APK have an issue and not sure what is going on.

I’m brand new to Governance, Risk, and Compliance (GRC) and currently learning the fundamentals. I want to do some practical projects with real businesses to gain some 1st hand experience and have something for my portfolio. I’m eager to learn and gain real-world exposure. Is there anyone who owns or works with a business and would be open to collaborate?

guys what type of tools do you use for vulnerability testing

depends on target and what we’re trynna achieve

be more specific

nah like just a vulnerability test for html websites

deffo not how you’d be getting hired

nmap sqlmap nuclei

gobuster ffuf

burpsuite

do you suggest nikto?

for ctf challenges sure

im new to this while testing thing so what the hell is ctf

😭

capture the flag

friendly and legal challenges

to simulate web hacking on test targets

wait nikto isn't only a vuln testing tool?

nmap can run a vuln test??

i never knew

it has basic scripts to do so made in lua yes

secondly it’s rather for initial recon necessary to know what tool next to run

What's the command to run a vuln test

actually don't answer that ima google it

Interested in the building experience. It's volunteer work

good

okay thanks i found it out

yeah not how you’ll gain experience

deffo not on a random discord server

sorry

Okay

I love you isn't that what matters. At least I hope so

Still need some responses for this

first, sorry for my bad english
can anyone help me in a ctf? i have to send 16 bits to an 'hardware' (software simulated) in a socket, i have .vhdl files and i got the backdoor activation bits, and i think i should send this on a socket. i made this python script:

import socket


sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
host = input("enter host (use 0 for default: 94.237.121.111): ")
port = int(input("enter port (use 0 for default: 58677): "))
if host == '0':
  host = '94.237.121.111'
if port == 0:
  port = 58677

server_addr = (host, port)
sock.connect(server_addr)

message = 0b1111111111101001

data = sock.recv(1024)
print("received 1 -> %s" % data)

sock.sendall(message.to_bytes(2, byteorder='big'))
print("msg sended")

data = sock.recv(1024)
sock.close()
print("received 2 -> %s" % data)

the first data i've received is:

The input must be a binary signal of 16 bits.

Input : 

and the script send the 1111111111101001
but i noticed that i received no output, so i send a \n along with it, however i`ve received:

Error : Invalid length of bits.

so, i dont know how to send 16 bits + \n and continue sending 16 bits

if i send more or less bits without \n, or just the 16 bits, i didnt receive response

btw, first rule of any CTF: "Do NOT cheat"

i don't think I'm cheating.

and this CTF isn't worth anything.

it's like creating a post on reddit asking for help; which is considered cheating and would disqualify you

same as DMing ppl for hints etc.

just saying

I understand, but like, I think I've practically finished the CTF, I got the main part which are the bits, I just don't know how to send it.

What is a good website to learn Python? , Im kind of struggling just from watching Youtube videos

cisco net academy

is it free?

yeah

still it's not completed; you can ask for hints when the CTF ends;

alright I will check it out thank you

but the exam to get the certificate is paid

ok, sorry

I can’t type in general and 90% of the servers chats,can someone help me

I was looking at it and thought it was one of those that just stay there and don't have a finish time, but I checked now and it really didn't finish, it was one from Hack the Box.

Are there any online resources that allows me to practice my computer networking knowledge hands on?

Bro you can try Boson Online Practice Labs, MyNetworkGuide Hands On Labs, Connected Dots Online Interactive CCNA Labs.

Alright, thanks!

i am new , i joined today what should i do

You welcome Np.

i checked free resources

what should i choose red team or blue team

Depends what's the reason Offense or defense..

Do you know any other resources that are completely free to use?

i am starting from todat btw 🥲

how muc time would i need to complete all these resource in blue team

if i choose

Connected Dots Online Networking Courses, OverTheWire / TryHackMe does are some good ones bro.

You're not going to learn everything in one day or in one month, it's a long journey ahead, you need to take time and understand each concept if you want to master in cybersecurity

It depends on you and how much time you willing to invest..it all depends on you.

Udemy too has free sources....just in case .

I see, the last thing I want to be annoyed at is needing to pay for the rest of the courses after playing the first few courses for free.

There's alot of free courses everywhere... these days

Right, I guess I just have to dig deeper, so far I found some useful free courses like PortSwigger and OWASP

Nice bro..

@fluid gulch when did u start this carrer

@teal garden u too

I am still a beginner just like you, so not too long ago

soo have u done anything

like any course

if my pc has bluetooth and wifi does that make me traceable

Hello 👋

You become fully traceable once you have your wifi on and connected to a network thats how, websites you visit can track your IP,ISP, Wi-Fi MAC,

is this where i get answers? or help? i can pay. im not much but this would be a worthwhile skill to have

i just need help with finding an ip address or email on this youtube page. if possible. if not ill find out how.

And for Bluetooth, what can be traced is Bluetooth devices broadcast identifiers (like a MAC address). Who can see it:
Only nearby devices (typically within ~10–30 meters)....but Bluetooth beacons can be used for local tracking. But keep in mind If Bluetooth is off or not actively scanning/connected, it’s basically invisible.

You won't receive help with this, no
#📜・rules

no i just have wifi and blueetooth enabled im nto connected to a wifi or a blueetooth just curious if i am with it on

what do u help with then?

ite ill figure it out my self thank you. anyways though

Hii ! Anyone know about roadmap of cloud security beginner to advance?

Does anyone have a book about compTIA A+. 220-1201

You should check outroadmap.sh
They have a lot of road maps

Learning computing concepts, networking concepts, and how to "hack" those things into doing what you need.

Not tracking people. Don't ask for that here.

Does anyone have remote online work I can do on my phone from home. I'm not working now and need cash for Christmas.

This questions comes up multiple times per day, the consensus is that this is the entirely wrong server to look for it

Hi, so can I drop a pdf guide on a project and ask a question ?
Or maybe someone with raspberry pi openWRT experience can help me ?

Hello guys I'm Mohan
Im doing my b.tech Cybersecurity 3rd sem but I don't know any shit abt this but I'm earged to learn helpme to develop my skills and land uhh job

Any recommendations?!!!

sure, what specifically do i need

u*

Ok i have created a guide using AI for setting up my internet at home I have 2 5G routers huawei one with the actual sim card and the second one as an extender. (Connected through ethernet) from main router port lan 1 to extender router port wan, i set up the admin panel all good.
I got my raspberry pi flashed the openwrt and connected it to the wan port of my main router.
I am no expert in networking but I guess this is how it works?
Now I entered the panel of openwrt and I want to set it up but have no idea how and what I should do….
I can share the pdf created for it ?

@charred mirage we do not help with account recovery here as there is no way to prove you are the owner and it is against our #📜・rules . Please contact the proper platforms support team.

Oh ok I’m sorry

Ok i have created a guide using AI [...]

I stopped reading there

😂 why it’s actually good since i fed the sources

what do you want to setup openwrt for?

I'm not familiar with it but there must be documentation about it online

Worst case scenario you use AI for it too and spend a day debugging it

Ad‑blocking: luci-app-adblock
• IP blocking: luci-app-banip (and optionally banip itself)
• VPN: luci-app-wireguard or at least luci-proto-wireguard
• DNS encryption: https-dns-proxy and luci-app-https-dns-proxy
• Recursive DNS resolver: unbound and luci-app-unbound
• Traffic shaping: luci-app-sqm
• Bandwidth monitoring: luci-app-nlbwmon
• Connectivity watchdog: watchcat and luci-app-watchcat
• Roaming Wi‑Fi/Travel: travelmate and luci-app-travelmate
• Web terminal: ttyd and luci-app-ttyd
• Shadowsocks: shadowsocks-libev and optional luci-app-shadowsocks-libev
• Docker: docker or dockerd, luci-app-dockerman, plus ca-certificates, kmod-veth and kmod-xt-overlay for container networking
Just security purposes

why not PiHole?

More features and configurations in openWRT

I can even get docker on it and go all in but that’s just too much

Plus my rpi 4 B+ has 4gb enough for openwrt and the extra features i want

An LLM should give you fine configs for just adblocking and a bit of security. You should try it. If it hallucinates point it to the documentation, but I doubt you will need to

hii

Guys i have an iPhone XR which has an iCloud lock. I want to bypass it without jailbreaking it. Any help on how to do it or what software to use.

Hey, I'm ray and I'm new to all of this stuff but I need someone to help who can retrieve TikTok id. I don't have the password some person hacked it 😭 kindly anyone here to help. I Also don't have the number or anything. I just have a username😭
Kindly help

Hey, Gm. A kindly reminder go read the #📜・rules thanks.

Nothing we are going to help you with #📜・rules

How can I remove activation lock on my iphone

Ask you cell service provider or whoever you bought it from to do it for you

So it can't be unlocked

not if you stole it, no

@minor blade permission to publish dropbox link for a project in #chat?

Hey for anyone that works with hardware, I've been looking to get an injection USB without breaking the bank. Anyone use something cheaper then the hack5 bad usb?

oh my

i’m glad you asked

hak5 is like the biggest scams

i made nearly all of their products for 1/10th of the price (unironically)

any microcontroller can do this job perfectly

for like 4 bucks

Lmao real

What did you use for your micro controller? I planned on using some raspberry pi picos

yes

i used an rpi pico too

i wanted to post a yt guide on it at some point but was too busy

and too lazy to write the script off of what i should read

LOL your so real

Kick it old school, no voice just text and dome ncs music XD

bahahah

well anyways yeah

Omg perfect

rpi pico is all you rly need

And did you follow a guide or just free hand it

BadUSB Beetle or LilyGo T-Dongle S3 can be fun

and no you cant remake the rubber ducky with 4 bucks.. you can very limited copy one of its functions

??

i disagree

circuitpython firmware on a pico

i counted, median speed of 747wpm

exactly identical to the pico

Is the lily go like a diet flipper zero?

the only feature it did not have (which the new picos have) is os detection

new rubber duckies*$

Can you do os detection? stealth extraction? Have a covered arming modus with a built in button?

look up "usb swiss army knife" and see if it answers your question

the service hak5 provides is convenience.. their tools to program stuff are great.. its just the same with HTB/THM costing money instead of building or hosting vulnerable machines yourself

yes it can do stealth extraction. os detection will be irrelevant for him as i doubt he would need a different payload based on what type of device he plugs it into (will assume he will now his target beforehand)

is it cheaper? Yeah. Is it the same experience, hell no

arming modus is also possible

i have tried all of them, i’m speaking from experience, not theory

so i’d disagree that the rubber ducky is any more convenient

maybe if one is lazy and doesn’t wanna install their own firmware (literally dragging a file into the storage medium and that’s it)

I said the tools, as in the software.. duckyscript v3 for instance

yeah?

yeah

it can obviously run duck script

https://github.com/dbisu/pico-ducky

proof

Ducky script 1 is supported by lots of products, ducky script 3 on the other hand, not

mostly for legal reasons

I have about every "bad usb" device I have ever heard of, I collect them as a hobby.. and whoever tells you "oh its just the same for 4 bucks" is dishonest or glossing over stuff

duck script 3 seems to be very much supported

it can run all the payloads one would need to either exfiltrste or exploit the attack vector to later plant a connection and such

it does not fully support DS3

in almost no scenario would you have the full kill chain

then raw python will

this is just a converter

you can do everything with raw python too

and know everything that’s set in the pc

to the point where the ducky will complete your op

it’s mostly used to get an initial connection

What I said is - "No it will not be the same experience, hak5 prizing is for the convenience of the tools (software)".

You can tell us now that everything can somehow be copied.. and I would not disagree.. there is nothing magically special about hak5 products.. but it will be a different experience, and sometimes way, way more complicated

well, making a badusb with a few more steps but same functionality and saving 96$ is very much worth it for most people i would say

everyone speaks for themselves though

the usb beetle for instance, I mentioned, is entirely programmed via arduino code

simply changing the keyboard layout can be a task that takes you a day

we’re steering off. your point was that we can make a very limited copy, though i explained we can do everything a rubber ducky can just with a bit more steps

then you say there’s nothing special about hak5 products except for the experience

so we agree from different sides

what they yapping about LOL

that being said.. the malduino w is seriously underrated

Ill check it out!

Diy bad usb vs hack5

hi guys
im here to ask a question well i finished my high school and i wanna be successful in life what i mean is with this ai things coming im kinda scared i dont wanna lose opportunities up ahead and i thought to myself i need to learn abilities that will become useful and in demand in the future so when the time comes im all ahead of every body else and thats how im gonna save my life and accomplish goals and make an easy life for my mom and my sister basically i wanna ask you to tell me what i must learn and where should i start
thank you

How do I check my teenage daughters phone

Ask her to show it to you?

Here https://discord.com/channels/990435451334688768/1306084252437450763 and https://discord.com/channels/990435451334688768/1352358179400581300

ask her?

If there were such a thing, everyone would be doing it

Though Raider/Gladiator sounds like it would never go out of fashion

What a weird question from him.

It is

It's your daughter, talk to her.

I regularly assume the stories are made up of course

ai is the reason cybersecurity is needed

it has so many concerns

hak5 had a guy once who wanted to know how to monitor what his sister would do while shes on his PC, .. when told to ask her or just not let her use it, he said "mom said no"

Hi im new here and i have a question sound mayne its absurd but if there a way to retrieves money back into a apple card from the person that took like like undo the proses?

No

i know theres not a certain answer but i though you might know something that i dont

Ok

I got jacked then lol😂

Thats possible, but then again we would have to assume that no one who "knows more" would be talking about it, or it would become public knowledge. hence asking for it is nonsensical. But really there is no secret, that people just throw out there on some discord rando they know nothing about. Also they may be wrong

I wouldn't worry about AI too much though

"AI is going to do all the jobs, it is going to be great" is basically a stupid persons idea about what a smart person would sound like.. economics don't work like that, the large service providers are basically scams and the bubble seems to be ready to burst.. this kind of thing usually leaves salted lands for investors for a few decades

no need to worry about it, as it is meant to help you, not replace you (if you picked a good career and not something dumb and repetitive, you should be fine)

look at where the market is going, and adapt

yea, what they call "AI" are just fancy calculators

thats what im talking about im not asking for a cheat code my point is that everyone has their own way of seeing the market Id like to read different opinions and see how each person approaches it so I can make the best decision

the current read is that the ai tech bros are morons, who just assume that "the rest of the population will go along with it"

Hey guys, I have a question how to j recovery or look up my lost email information

contact that emails service provider about it. If they don't help you, we won't either

Just ask her as a human being, if there is recaptcha required just do it!

Ty I will try that

😂😂

well my current view is that AI (or LLMs) have limits (unless breakthrough in quantum computing happens, they'll still lack alot to replace someone), so the practical use would be to have it do these dumb and time-wasting tasks, while the professional focuses their time and energy on the important tasks and business interactions

so you might not be replaced by this AI, but will likely be inferior compared to someone who leverages it (for automation and assistance)

thank you now how can I be the person who uses AI to get ahead not the one who gets left behind?

leverage it for automation and assistance

for the dumb and time-wasting tasks we invented computers

but first, understand how it works at a basic level, how to train it to do something with prompt engineering, and then how to integrate it with other things (n8n is good for this)

networkchuck is doing great videos on this

Ai won’t take a mechanics job

so this n&n is a good resource to learn prompt engineering ?

Its a tool a mechanic could use.
It won't take a normie, and turn them into a mechanic.

Mechanics who don't learn how to use the tool to benefit them may fall behind

replace mechanic with any professional

no, it's a platform to automate stuff, easy to use

run it locally and see for yourself (using docker)

Its an application that sends and receives REST requests, and has other abilities like cron + database interactions

If the idea is to learn cybersec, you are better off learning the python that could do the same things. n8n is a good visualizer though

indeed, the things it does can be done using python scripts (since it's based on javascript)

but i assume the dude hasn't learned these stuff yet, and n8n simplifies the use of automation and integrating other stuff

hi guys so i downloaded kali linux on a vmware virtual machine it works fine but the mouse cursor isnt showing like its not appearing how do i fix this?

so n&n is a great platform for automation but where can I learn about other uses of ai?

thats a known bug with vmware
shut down the VM, set the hardware compatibility mode of the VM to 17.5+ and restart it

wait, so its a common issue?

It is a known issue, happens with a number of other distros, too

ah dang

Guys i have a question i use linux but i wont a extra hard drive with win 11 how do i fix that from linux ?

If anyone could help please dm me

having difficulties finding that setting
-# sorry for my stupidity

you mean win11 should be able to access the linux hard drive or linux partition?

No wait i explained it wrong haha

cant help you there, easily googled, I imagine.
It is a setting to that particular VM inside vmware

I have linux installed but i also want a win 11 installed so i can switch boots

ah, sorry for stupidity thx for helping tho

you want to dual boot both? every linux distro has guides on how to do that

Wait yeah that sounds like a fair point

Hello guys I have a problem using hydra in Kali Linux can somebody help me dm me please

ask here

couldve helped if i was smart enough

eris2cats, it worked tysm

happy to hear it

I can't share pictures here?

no, but text

Iam getting a long error

Using hydra

luckily hydra is a command line tool.
Have you tried google or the actual hydra documentation?

apart from that, maybe give us the relevant portion of the error, as well as the command you tried to run

When I try to run the command I get premeter must start with / slash?

seems rather self-explanatory.. but just show us the exact command you tried to run

It's a brute force command for Instagram 🙂

But it's my account

still a tremendously stupid idea

Why?

Cause it is not your account.. it is "instagrams" account.. its also not your login.. it is instagrams.. they may probably see the attempt and decide that this is you attacking their infrastructure and can decide to file a report with your local law enforcement

What do I do then?

luckily it seems you were unable to find the correct syntax

I wanna learn brute force attack

well seems like your failing saved you from potential problems

well.. all those tools have amazing documentation you can read

and there are several services that provide you machines to test tools on

#👥・new-member-guide has a few guides mentioned

Can I use like Tor or other proxy to bypass?

You can, but I can spare you the trouble.. it wont work

Give me name