check with that AIs licence

tbh we can use 5G to use stuff, but it’s a pain in the ass🥲

Is it possible to get a full unlock software for mobile phone here?

probably not..

how so?

@plush tuskif you get any dms regarding that, please report to us immediately.

Thanks @ Eris2cats

you can do that by making a #📩┃ticket

Okay

it’s using too much of my data plan
it's a real pain having to buy separate data packages all the time.

but its okay thanks for the advice.

Who can help me setting up a bitcoin account.

https://tenor.com/view/google-exists-google-search-it-geekboy-geekboy-cz-gif-25933207

Just google it like that.

well use less

Hello, anyone here doing bugbounty?

it's always bad taste to ask for someone to ask instead of asking the real questions.. but..
have you tried the various bugbounty channels?

#🔰bug-bounty-info #🎯public-bug-bounty

Any know of a good place for me learn how to type or to practice typing. I can type but not without looking at the keyboard and using like 3-4 fingers lol any free open sources yall can recommend.

GNU Typist is pretty good

https://www.gnu.org/software/gtypist/gtypist.html

monkeytype.com

I just grew up with a towel being thrown over my hands so i had to remember, or backspace a lot.

Thank youuu 🎉🙏🏻

Yeah just switch your key caps to blanks, ezpz 😂

No problem. Also, I bought Type Fu when it was for pay, and it was really good. Now it’s free and online, but I assume it’s still good.

https://type-fu.com/

I just practice whenever now.
A url i need to copy over, but can't copy + paste into the VM? That sounds like typing practice.

Forced practice 😂 better than none, for sure

Not forced, there is usually many ways to get it over.
Could just ssh it into a file, then open it on the VM as an example.

But choosing to type instead of finding an alternative

Saw a Farm-Simulator/Creature-Collector/RTS/Tower-Defense typing game on steam the other day

True. I know people who do anything to find a shortcut for easy stuff like that, including taking a lot longer, it's wild to me.

Tysm everyone

"Final sentence" on steam perhaps 😉

Final Sentence combines the tension of Russian roulette with the skill of competitive typing. Up to 100 players queue into a match, each sitting at their own typewriter with a revolver to their temple. A text prompt appears, and everyone types the same passage simultaneously.

I have CCTV footage that's currently in a unknown language that I need to be transcribed/translated to english text. anyone have any idea how I can do this? i've tried whisperweb.dev but it isn't great

Brother

Shit breaks people

@prime wharf

@everyone
Please I'm new here. I would like to learn cybersecurity and I need someone to please walk me through the fundamentals

Did you just try to ping 160k people?

I just need someone to please help me with cybersecurity fundamentals

#👥・new-member-guide

hi all new to this discord. got my comptia security plus and work in I.T. i would like some guidance. im new to the cyber space but not it. please and thanks

@silent spear @thin copper see #👥・new-member-guide. if you have specific questions then this is the channel to ask them. general "need guidance" isn't going to get you much

Thanks Boss I really appreciate this

Hello, I'm new here. Can someone give me some advice? I want to take my exam for CC from isc2. Is that recommended or not, I don't know. I'm studying the material on their page and I don't know if the real exam questions are similar to the practice questions

does anybody got a good video for sub-netting

i almost never see that cert mentioned, but it's free so if you can't afford others then it's probably fine for a beginner cert

@haughty dawn thx , want to start with that and later the compTIA+. A question in General. The Way built the practice questions same or are they in the right exam more difficult

sorry no idea i haven't taken it. maybe ask in #📜・certs-and-career

BoltGun - Words of Vengence

https://store.steampowered.com/app/3533730/Warhammer_40000_Boltgun__Words_of_Vengeance/

Hey guys i have a c++ code can Somone Tell me if its a real code or a demo code ?

what is it supposed to do?

Idk really bro i can Send u the code u Tell me hahahaha

If its okay i sent it to u ?

no

Ok

so you don't know what the code does and you don't know how to run it?

Yes Bro I m very new I downloaded kali Linux new i want to learn

I know only it shoud be a Virus

I jailbrake deepseek and he Write me the code

so you don't know how to read, write, or run code, and don't know how to use a virus if you actually did have one

bro

Yes Bro I have

I can show u if u Want

Idk how But yes

Its a new jailbrake Methode for deepseek Not roleplay or something

go actually learn something my guy

you're not going to get far trying to have AI do everything for you while you understand nothing

Idk Where to start

U r right bro

#👥・new-member-guide

Idk Where to start Internet is only Shit Bro

Thanks I Look there

start with learning how to ask good questions

that's not an insult. that's a legit skill you need to build if you want to learn security

Ok Bro

Thank u

I know how the code Works and how I run the code

Read our #📜・rules
Do not send malware to people.

Guys can I upgrade CPU on thinkpad?

Or add GPU?

@woven anvil ?

On the really old ones i think you could add a CPU.
Like pre-2011.
GPU is not something that can be added to a laptop, outside of external cards over thunderbolt

On e14 i7 10th gen

i know this is probably the bumbest thing you guys have been asked but are you able to do any of this with a chromebook?

dumbest*

Extras I'm new are you new at this I only know basic Linux commands and little networking

This would be soldered to the motherboard, and not swappable.

you would need to swap out the entire motherboard with one that has a more powerful CPU

Wheres the opsec channel?

@woven anvil thanks

nvm

i know this is probably the dumbest thing you guys have been asked but are you able to do any of this with a chromebook?\

What if I'll buy t480

I mean it's old right?

@woven anvil you here?

the T400 came out in i think 2011 for reference.
The t480 came out in around 2018, so it wouldn't be old enough.

You don't want a pre-2011 laptop for performance.

T400 is really bad one no?

I mean it's alright Ill get the one I have in mind can you just tell me if it's good?

Lenovo ThinkPad E14 i7 10th gen 16GB Ram DDR4 256GB SSD 14inch FullHD IPS Screen

Does anyone know anything about RFID badge encryption or reverse engineering .DLLs in the dot net framework?

if its a good price, its a fine laptop to run linux on.
https://github.com/ramaureirac/thinkpad-e14-linux

Friends who are experienced with assembly and rev eng: what's your favorite book to learn assembly? I was reading The Art of Assembly Language but the custom assembler doesn't even run on my system and the weird dialect doesn't really transfer over to other assemblers.

@prime plover
Don't ask for things like that here.
We do not assist with Vigilantism.
Read our #📜・rules

wack

but i understood

your moms on disability @prime plover ?

yupp had a stroke in NRA buiilding

while working

And please read #📢・announcement message
Don't let someone take this as an opportunity to scam you.
Stay safe.

sorry to hear

life be lifeing

my social is

lmfao jk

jk ?

Hi there im new here and i want to start my CS journey but i dont know how and where to start please any expert who can help me i will be very thankfull!

No expert here but check out the #👥・new-member-guide and #📜・certs-and-career areas for some info to help you start out.

anyone up for thm 13th ctf??

im down to join

anyway if anyone down for ctf dm me ill share team link

Not familiar eith assemble
But I was referrd to look into ffmpeg's doc.s or course

no wonder, that book came out in 1996 and the software was made for the era...
you might like this book or this one (paid) https://beginners.re/

mind, these are x86-64.

I'd also recommend going over computer architecture and at least a small amount of logic circuitry.

Anyone?

this sounds like a quesstin for #📜・certs-and-career

Alright thank you

oh no it doesnt, sorry

Lol I just saw it too

Its ok answer here haha

The channels got reorganized a few days ago, my bad, it used to be a discussion channel

Easy answer - I don't know

damn

But without knowing anything about it, I can still give you pointers

Yeah sure it will help

What’s a good lynx distro other than Kali lynx to learn ethical hacking on?

parrot

the CPTS is much more recommended, even for hackers inside of the web field

Sounds good, thank you

it covers a more broad subject of hacking, beyond the world of web

What is your expectation from any cert? If it is just for you own - usually best to take the latest that came out. Apart from that if it is not just for you, take a look online what employers are looking for

But won't CWES be more useful for a mix of backend and cybersecurity? I'm curious.. because from what I heard CPTS and coding dont really click... am I right?

My expectation is to combine my computer science batchelor's degree with the appropriate cybersecurity certifications.. if I can of course 😂.. more focus on backend development

yeah but for the warm fuzzy feeling inside? Or to hold it up to the world and shout "SEE MY AND TREMBLE" - cause that are two totally different vectors 😉

if you have the CPTS, people would naturally assume you know backend workarounds
CPTS does involve coding, crafting of payloads and such
that also includes web vulnerabilities
think about it as the extention for CWES

Ohhh nice perfect thank you very much

but

can I become a red teamer with this cert?

absolutely

Amazing

it is a red teaming cert

Thank you so much!

you're welcome!

If that is something employers in your region are looking for

So what I caught from your answer is

CPTS is an extension and broad cert for penetration testing, while CWES is only focused on web exploitation

it is second to offsec certs that are recognizable in my opinion
the cheaper alternative version that's just as hard to obtain

But CPTS covers it equally

right?

yes

you can check the roadmap for the CPTS btw

what modules you need to undergo in order to obtain the cert

I checked it that's why Im confused 😂

Im almost done with CJCA and I was in a huge dilemma I had to make an acc and ask the experts

it should cover web aspects

there's a percentage you would need to complete first before taking any cert in htb's academy

those percentages are split into three categories:
general knowledge, offensive knowledge, and defensive knowledge

Yeah Im aware of that already that's why I'm preparing where I should go next

you need at least 90% in the offensive knowledge done to take the cpts

i am not sure about CWES

90%?

This much?

yes from as far as i know

Jeez

however do fact check that

it's going to take a bit

Well it makes sense kind of..

because you will also learn windows lpe, linux lpe

AD pentesting

no worries, do take your time

But yeah that's about it... if CPTS covers as much as CWES and it's broader and more in depth then I'll go with CPTS

And if I can become a red teamer and not just a penetration tester..

Anyway that's about it

Thanks a lot!

hey you can always trust that guy

he works for mossad cybersecurity

https://tenor.com/view/suspicious-look-suspicious-hmmm-squinting-eyes-narrow-eyes-gif-6163597512107158377

He is an intelligence agent?

idk ask him

haha

I genuinely dont know what mossad cybersecurity is sorry..

dw about it

U make it sound like he is the anonymous

oh nah he's pretty known

far from anonymous

I dont know this person.. sorry I'm new to the cybersecurity team..

Im moving from CS to penetration testing

ikik he's not FAMOUS but he's not anonymous either

it was a joke

Hahaha

chitchat goes the other channel 😛

Huh?

Your interaction had nothing to do with #👥・help-me

Who r u?

This is getting seriously off topic.. listen.. sit back down, take a chill pill, I wasnt even talking to you

huh? 💀

I was talking to the guy who started the mossad idle talk that should have been joked about in general #💬・old-gen-chat

I hope this isnt too technical, but... #👥・help-me is just for help and questions.. we encourage people to move nonsense outside of it, in case peoples questions get lost

Can somebody help me with smth?

im in need of help i want and need bread im stuck on 15 points on ctf hackerone any side hustles im from South Africa pls

https://dontasktoask.com/

unclear what you are asking for exactly

cyber security brothers & sisters to help me i have passion i got a task of bruteforce & quick side hustle

so you are looking for someone to do it for you, or... speak clearly

im looking for enlightenment and friends

let me say siss and brothers

Hi everyone

I just got a PC and I want to get into cybersecurity. I’m still a beginner and don’t really know where to start, so I could use some help.

Whats this

Im a beginner too

That’s fine being a beginner is part of the process. We can learn and improve together.

& help me to be a cybersecurity ep

for sure

try hacker 1

click it and read it, it tells you what it is - essentially "Stop asking if there is someone who can help you, just ask a question already"

Okay

Yea

Whenever someone shows up and asks if anyone can help them, most of the times in several channels at once, but not spilling the beans what it even is they need help with, we get this mental image of a child running from room to room looking for an adult ... just ask the question, saves everyone time..

Anyone know server for Hackthebox

hackthebox actually has its own discord server

tryhackme and several others too

Help me if you know the server

if you cant find a discord server for a very unique name, then maybe pentesting isnt for you

Finding stuff people WANT you to find should be nailed down, when you are looking to find stuff people do not want you to find

I’m still a beginner and I’m not sure where to start. I’d really appreciate someone teaching me from scratch.

we do no mentoring here, but you can start here #👥・new-member-guide

Alright, thank you very much

Hi the page failed to load

What page?

Channel

The new member guide doesn't load?

As in "no access" or what? It very much loads for me

For me it does, too

I need help with an Ai model influencer but some guy is charging me money to teach me , I want to learn it for free ... Can you teach me or if you know anyone who can?

I do not, no

Ok

Welcome to OwlSec! 👋

Hey there 😄 We’re really happy to have you with us. Hope you and your loved ones are doing great 🤗
This server is all about learning, sharing, and growing ethically in cybersecurity and hacking. If you’re here to explore, practice, or get help, check out:
#👥・new-member-guide
#👥・help-me
#💕・free-resources
#📜・certs-and-career

Programming:
Python, Ruby, Go (sololearn, codedex, freecodecamp)
JS, PHP, ASPX, SQL (portswigger)
C, C++, Assembly, Rust (pwn college)
Learn what you need, when you need it.

Networking: Try NetAcad (THM + HTB Academy also help)
OS: Windows (PowerShell) & Linux (Bash)
After basics: TryHackMe, HackTheBox, and similar platforms
Most important: Build the right mindset 🙂

E-Books to start with:
Cybersecurity-focused books:
https://security-books.notion.site/

🚫 Please remember: We strictly prohibit any unethical or harmful activities. Let’s maintain a safe, respectful, and responsible learning environment. 💛 #📜・rules

Here you go, a long comprehensive painless guide :>

Quick question why i cannot see some channels? sorry about my english

S

Can i post ss here and show?

No. Just reach lvl 1 on the server. Chat a bit in #💬・old-gen-chat

New members guide

Exactly

Oh so i need to just chat

Pretty much. Keeps the spam bots docile

okay tysm

Weird way to think about it, your horizon and skill level should both be wide and deep anyway

then you might not have enough time to become a pentester 🤷

Then look for a different career

A certification will get you the job interview. Knowing the bare minimum for the cert gets you a rather short and unhappy result

Last time I checked CCNA was not a universal requirement for pentesting roles, if that's what you're asking

We neither know the "stage" or how far along you are along your journey - and most importantly, we cant predict the future for you. That being said .. acing job interviews is a lot easier if you are older, more experienced, and if you are not then you usually substitute it with more or better certs

You want to verify something that no one can tell you

Some of us here arent even humans. But AI agents that has logged onto discord

Well in that sense, no certification is "necessary" unless you go into restricted environments (government and such)

Thanks a lot! I really appreciate it.

Dude.. I'm on some servers that had trouble figuring out which one was a moltbot

Well.. Openclaw now.m

Just daily driver linux...
Or deploy a vps and ssh into it using termux mobile

Beginning of the road schmuck

https://tenor.com/view/jim-halpert-face-yeah-ok-then-sure-gif-15858837081286407798

What our opinion of this request from the OSX Discord app? "...Discord would like to receive keystrokes from any application..."

One message removed from a suspended account.

One message removed from a suspended account.

Just follow the installation guide - and should you run into specific problems, then ask specific questions

Any recommendations for m5stickc plus2 firmware?

believe that's for hotkeys, e.g. ptt while in games

Imma need y'all help😩

You are not, cause it would be illegal and you lied when you confirmed to have read the #📜・rules

DUDE

why!!??

We said we wouldnt help

lol read the message

you delete that right now

what?

thanks ❤️

No way this is his first message 💔

Duh

u can find this out by usually googling how peoples accounts get hacked

most of the time for twitter the victims get sim swapped

This is BS.

or they log in to a phishing page, or the get infected with malware

was extremely popular around 2021-2023, some people even got access to admin twitter tools and they could do anything

im a cyber beginner, any help with guidance? like a roadmap to follow

#👥・new-member-guide

the official SEC government account got hacked from sim swapping, so saying its BS is just wrong

While its true, we still don't help with obviously illegal ambitions as per the #📜・rules

i wasnt helping was just talking about how hackers do it

"most of the time"

It's in rare cases

and you were giving them pointers along the way

I mean lets be honest.. they seem to be overwhelmed with using a search engine

oh well if you want to be all specific then be my guest but its still used a lot

i dont believe i was at all i just said methods on how peoples twitter accounts have been hacked in the past

Calm down kids

Y'all should chill. Just one question and y'all getting triggered

like i doubt he would ever manage to get access to a admin twitter panel lol

they are just very strict on rules here is all

It's she not he duh

how am i meant to know

lol

Dont fill out your pronoun fields, its on you

We are strict with the rules here because we would very much like this Discord to continue to be a resource for everybody.

@blissful sonnet @astral kiln
No talking about things that break the ToS of Discord here.
Please make sure you read the #📜・rules.

Lol

Well thanks, I won't ask for anything seeming illegal again lol😅

u trying to break into ur own hacked account?

Still wouldn't be allowed. We don't assist with account recovery here.

right. Yes as Jeevis said. No account recoveries here, legaly learning always

he just told us we're not allowed to discuss it

true,he did

so, not allowed to discuss methods of account compromise, strange, for a cyber security server

Thats great

falls under threat intelligence after all

true

@blissful sonnet
If you have an issue with the rules, please make a #📩┃ticket about it.

This is not the place to discuss the fact that we do not talk about breaking discord ToS or other platform ToS on this server.

I get that you are new here, and currently a bit unfairly in the spotlight.. I guess no one would have batted an eyelid if it were mentioned in a discussion somewhere. Especially in the #👥・help-me channel though we are a sort of line of defense against an army of people who have no interest in cybersecurity or learning whatsoever.. they are usually here to get someone to help them hack an ex, or school, or best of all - do it for them.

That, and the constant scrutiny of running a really big cybersec related server makes this just a "wrong time, wrong place" topic

Though it took me a while, too, to realize that this channel shouldn't be the hill to defend a flag on principle

So, I've Finished the Pre Security ( I skipped the Windows One ) and I'm looking for advice to take on rooms / paths to get better knowledge (THM).

I'm mostly looking for CTI and Pentest Rooms / Paths, Should I continue to cybersec 101 and the penetration tester path or?

Continue on the paths, or even start going through the free rooms, and start supplimenting what you are learning in TRM, with some official documentation on the subject/tool that the room talks about.

I have Premium.

Even better. Then you have full access to the paths, but the same logic applies.
THM is a very good introduction to a lot of subjects. But the amount of subjects that make up learning cybersec is a lot. So much that if THM tried to jam it all in your face, it would be significantly more boring.

So, learning some fun ways (THM offers the practice rooms that have the VMs that launch), as well as looking for the official documentation on nmap for example, or the burp suite will give you ideas that THM maybe didn't touch on, or go into enough detail about.

After I finish the path, 101 and Pentest path, what do you reccommend?

So, the 101 path has a bunch of fundamental IT information in it. Things that take people normally years to truly understand. So while you do it, make sure you take notes, and this is where there are other resources that can help break down the concepts more, like Cisco Network Academy, so you can supplement some learning with that + Cisco Packet Tracer (Both free). You can also start taking your linux knowledge, and start trying things like overthewire's bandit.

Once you start the Jr Pentesting path, thats when you come into contact with more tools and such, so this is when finding the documentation in regards to those specific tools would be good.

Once you are done those, there is the section Practice > Challenges that lets you test what you have been learning on little environments set up. There is also another platform called "HackTheBox" that is more focused on these types of small environments, so it can give you "more puzzles to work on" (They have free and paid).

At some point here, you should evolve into wanting to set up VMs so you can have your own internal environment to be able to practice the things you are learning without breaking anything or getting into trouble. You can set up your own web server VM, then use a kali VM to try and attack it. This will give you more linux practice, as you can play around with installing ubuntu server, debian, arch, whatever you want. Look into how people protect a web server, and see if you can set that up, and if you can get around it.

This is a decent amount of content that should take a while to get through and understand, but there is more information depending on what subjects actually interest you.

You think there are some free rooms on HTB for CTO?

CTI*

(Also you can freely talk about terms or wtv I understand just I never took cybersecurity seriously and I just am taking it seriously now

Things that interest me Is pentesting and Cyber Threat Intelligence

So understanding the red team/blue team interactions in general is what interests you. How is one attacked, protected and all that?

Do you have access to VMs already?

Generally just Pentedting and CTI,

I have a virtual box set up but just a Linux and I uh kind of forgot the password 🤦

"How does a linux server administrator recovery the password for a linux workstation" is a great thing to learn and try on that VM then.

You just gave yourself a task 😉

But for CTI, you are going to be learning how to run servers, logship to a central log server (you can use graylog or security onion), customize the log collection and alerting for the logs, and then how to make reports for your findings.

Use TryHackMe as an introduction to threat intel so you have some concepts thrown at you to branch off from, then start looking through documentation for one of the logshipping platforms to learn their requirements and how they work.

https://cdn.discordapp.com/attachments/1393941467881541672/1397967755520770280/GifMeme20212123072025.gif

Thank you jeevis!

These rooms should help

Thanks.

hello hackers i have one xss lab about angularJS reflected xss + csp bypass
When I started to understand the logic of how the backend worked and what it did to the input before I solved this, I first tried: <> and I saw that my input goes into the <h1></h1> element and when I clicked edit as html to see if it decoded it or not When I saw how it was processing it, I saw that it was being encoded as an html entity. Then I tried %3C and saw that it was also being encoded as an html entity. This confused me, and when I tried a solution that mixed encoded options, it worked, and why? lab: https://portswigger.net/web-security/cross-site-scripting/contexts/client-side-template-injection/lab-angular-sandbox-escape-and-csp solution: ?search=%3Cinput%20id=x%20ng-focus=$event.composedPath()|orderBy:%27(z=alert)(document.cookie)%27%3E#x';

Hi guys

Hey guys

Welcome

@fervent portal @lapis wing
For general chat -> #💬・old-gen-chat
For any specific help -> #👥・help-me

@echo gorge
We do not assist with account recovery here.
Make sure to read this.
#📢・announcement message

blooket issue

Hi everyone, I’m new to cybersecurity and ethical hacking, and I’m really interested in learning. I don’t have many resources or guidance right now, so I’m trying to learn step by step.

I prefer hands-on learning, especially through practical exercises, or small projects.

If anyone can suggest how to start, learning resources, or beginner-friendly topics to focus on, I’d really appreciate it. If someone is open to mentoring or guiding me occasionally, that would mean a lot.

Thank you for your time!

welcome to the server

#👥・new-member-guide has some links to good resources for beginners. site like TryHackMe and HackTheBox have practical learning modules and hacking challenges.

a good beginner project is to get a linux virtual machine going and learn how to use it.

it sounds like you're more interested in the offensive side?

I need some help y’all what’s the most important place to start when getting into cybersecurity and what’s types of computers are there tha won’t break the bank?
Any and all suggestions are greatly appreciated thanks 🤙🏽🤙🏽

#👥・new-member-guide

For a cheap computer you can get an RPi, although some people here have a preference for certain used computers.

an rpi is limited by computing power, ram and its arm architecture.. also it always requires periphery.. it is nice if you have a specific use case, but the question is - what does "won't break the bank" actually mean in your own situation?
You need some type of machine you can actually work on, a laptop or desktop, and it does not require a lot. The recommendation is usually "any refurbished thinkpad will do"
You "may", over time, want some form of local server that can run virtual machines

What’s an RPi? Sorry I’m not to familiar with tech talk yet lol

raspberry pi

Yeah I’m wanting exactly the type of machine that will allow me to run virtual machines with out having any issues. With speed and memory etc

so what is your budget here, and do you live in a region where used hardware is a viable option

the hell you are #📜・rules

I’m trying to buy acres of land where do I start?

With a real estate broker, maybe? I think this is the wrong server to ask 😂

hey? can anyone help me fishing links?

@toxic glacierThihs will be your only warning. We do not help with unethical acts here. Read the #📜・rules pleas. Also any member found helping or assisting will also be banned.

sounds illegal, doesn't it?

Nope not here. read the #📜・rules

Hey guys am new here and new ti hacking need help with a proper road map cause I know y’all are experienced so I could house your help on where to start and get better am in my second year of computer science and plan to do a masters in cyber security and do other certificates needed
Need your help guys

There are some roadmpas on TryHackMe.

If one accesses the dev tool on a site and makes an edit how does one get the change to take actual effect. Out of learning curiosity 🥸😅

Hey guys I'm new here I'm not experienced yet on cyber security I hope u can teach.

Guys I'm a starter and I need someone to please help me with the networking tutorial on tryhackme. I was asked to make payments before I can continue anyone in the room who can help me with this?

Help me with netflix premium account free process

There is no such thing as free Netflix

Really??

No hack available to get an account without paying?

The only thing that is gonna happen is you either get hacked or scamed.

Wowww
I see
Thanks

Can I become a pentester from this path??
Backend dev -> DevSecOps -> Pentester
or is this better?
SysAdmin -> Pentester

And with the first path is being a web pentester more appropriate?

Chances are it will be neither, but both would be fine

Because Im a software development student and I think the first path suits better.. but the question is, can it work out?

That's why I regularly recommend playing and offering to GM tabletop rpgs

Hi

can somone recommend me an website where i can learn cyber secruty or like hacking for for and beginners

Go to Try Hack Me, Hack the Box

ty

What skills from TTRPGs transfer over into CyberSec?

Being able to speak in roles, switch positions, organize a table.. make notes for the future, take notes of what has happened - multitasking .. listening to people describe whatever their character is doing while mentally switching the scene already .. you end up preparing for all eventualities and writing them down

To this day I prepare my client meetings like I do roleplaying settings

That’s incredible. I used to play a lot when I was a teenager. Gonna keep it mind. Maybe I should find a new group to play with 🤔

During awareness seminars - and I am a large man with shaved head - I sometimes switch into the voice of a scammer playing a destraught woman who can't log into the company website cause the password doesnt work and then I break down crying that I just can't deal with all this anymore, and the baby, and my husband keeps telling me I am dumb, too..

Always gets the audience ^^

Roleplaying baby, can't beat it

Hey Eris, mind if I send a friend request?

You can try, but I have them blocked. For you I am going to make an exception and send you one!

epsilon is laughing cause they have seen me ^^

What do I even have to study to pass security+? Im cant find anything

you could try the official exam objectives (if you don't want to follow my link, you may do your own quick search for "comptia security+ objectives")
https://assets.ctfassets.net/82ripq7fjls2/6TYWUym0Nudqa8nGEnegjG/0f9b974d3b1837fe85ab8e6553f4d623/CompTIA-Security-Plus-SY0-701-Exam-Objectives.pdf

is it hard?

I'm halfway done with CJCA in hackthebox idk if that helps

There is a study book you can buy. Or you use their course material

I wouldn't say it's hard, but it's a different skill set. You need to learn a ton of acronyms for example, more than HTB would teach you.
Personally I'd recommend the official course material, but it costs some money

Professor Messer has a free YouTube series that is also really good

https://www.comptia.org/en-us/certifications/security/#buy-now

Got it... thanks man

np

not sure I understand your question, help with what?

Right, but this server is for learning Cybersecurity/IT concepts, not for learning how to get a job.
There may be better servers to ask about it. A lot of people here are starting their journey learning from scratch.

ok gotcha, thanks for clarifying

well it grants the experience that many need, like the hands on/well rounded exp

I am not saying its bad at all.
Exp is great.
You just might not get many answers here for your question.

Oh, are you advertising them here as a service? Not asking a question about it?

?

i work for both as an independent, so i guess it's somewhat of an ad? lol

We don't allow advertisements on the server without prior approval through a #📩┃ticket first.

you can lead a horse to water...

But we would rather vet anything properly, so we aren't "leading horses to sandtraps"

fair, there are enough capable people here, no worries on my end

Should I get the CompTIA Security+ Certification Kit to pass sec+ or is it too much?

Again, my very personal opinion, but I think that's too much.
Depends a lot on where you are in your education of course. I'd get the e-book, it's like 150 USD I think, that covers everything you need to know.
If you read it, understand it, and remember most of the acronyms, you'll be fine

150usd?? That's too much.. the kit is like 60usd

ohhh, wait a minute, you don't mean the official comptia sec+ kit, with labs and all that?

best secure browser? been on operaGX looking at librewolf. Any suggestions?

what kit are you referring to?

I thought you meant "Security+ CertMaster Learn + Labs" for over 700 lol

Honestly, chances are that one of the study guides you get on amazon is sufficient, but I can't judge those.
I know that Mike Chapple has good resources, so if you get his material I'd be somewhat confident that it covers everything

Firefox with adblock extension

and use Quad9 DNS

argh, the book I mean is even 170 now, they're throwing in a handful of useless videos these days. It's called "Security+ CertMaster Study V7"
I know, it's a lot.
Lemme know what kit you meant, I'm curious

LibreWolf is a solid choice

For me its 60..

Yeah I mean the official

lol

haha, really, is my part of the world that cursed? ^^

Any backup to quad9? Some ISPs have issues with all of Quad9 for some reason(rare, but i've seen it happen)

So far I've never had any issue with Quad9

always wanted to run a local dns server on my laptops, never got around to do it

Technitium is nice if you wanted a gui for it.

but im assuming you want something tiny

preferably

technitium is thicc

Windows?

Or Linux

linux kind of already technically works that way

I’ve always wanted to write a DNS server, as an exercise.

Why do you want to run one?

Can only be 1 reason. More control over DNS in general.

Being able to add blocklists directly to your computer is great

Planatir some crazy shiiiit lol

Seems good

Iinux

To brag about it, first and foremost, and forget about tracking by dns queries

Then you can turn off your current system resolver if you don't need it, run unbound in a container or similar(it won't listen on port 53 with systemd-resolved using the port), and then hardcode your /etc/resolv.conf to localhost.

Make sure whatever you were using for DNS before doesn't re-write the resolv.conf

Bonus points if you can think of a way to block outbound 53, 853 on any application that isn't the unbound container.

Goes on the list! Behind sadly quite a few things

Discord exodus for a couple of communities this month and meshtastic/peertube before that

Maybe someone can help a newby out. I used every resource at my disposal (Searchengines, AI ...), and i know what the problem is, but cant find a sol. to fix it. Lately i "specialized" a bit in Wordpress. As a beginner i thought it might be good to stuck with one theme for a while. Now the problem. It is related to the WP-Scanner. Often when i scan or enumerate, i get errors. Mostly error 403, and 409. Its probably firewall related. I tried to alter the scan with parameters like: --random-user , --throttle, requesttime-delay and the usual stuff 😉 How can i perfect my wp-scans ? Or in other words ....you guys know a trick ....Otherwise you will leave me no choice but to open an new beginners-capter called: THE FIREWALL 😉

What target are you scanning?

Good heavens it's not me that breaks the object permanence! 😄

Ownestly its just regular WP pages

a wordpress site

I'm afraid that's your problem right there.
As a beginner, I'd advise you to stick to targets that are pre-approved, for example those on learning platforms such as Hack the Box

Hi guys. Im new to hacking and stuff. Mostly copy commands and paste them to execute . Help me , dont know wht to do or where to start. Will appreciate if anyone can guide.

https://tryhackme.com is probably the best place to start

Ok thank you bruh. Ill try it.

Or anything curated in #👥・new-member-guide

Which ones would still be relevant

ah i didnt know you guys had this nice

some random stuff online? Something from a vulnerable machine.. something a service is providding for you, etc

saves me writing https://tryhackme.com every time

I get your point. But its a bit like doing Karate in preschool and thinking you are a MMA Streetfighter 😉 You know what i mean ....I am not breaking anything by enumerating something. I just want to learn

still illegal.
and the analogy is more like honing your lockpicking skills by breaking into your neighbors' houses. For "learning purposes"

Is enumerating really illegal ? Because its publicly available info in my opinion ...anyway I get your point

There is nuances to this of course, but those tools often spam the target with requests, fuzzing and such, and that is the shady part

Enumerating is like casing a house for a robbery. I don’t know if it’s illegal (might be), but I doubt people will be happy about it. Plus I bet it’d be enough to show intent in a court.

wpscan is an active tool

"I'm just probing the lock, officer, I have no intention of entering though"

OK then lets refrase here and try finding a solution. I get your point and you are right. But i still feel like in these Tryhackmeboxes stuff is prefabricated to work....like on a plate ! No critque on THM ....i cant solve most boxes yet ! But thats not my point....I lagg realtime experience ....! DO you think something like bughunting i.e will solve my thirst 😉

well you are free to try your skills in bug bounties. because that's your consent right there

I dont think you are going to find a ton of wordpress instances with bug bounty programs .. but that is what lab setups are for.. host the target system locally yourself

might still want to keep an eye on what they actually consent to. if you don't know what you're doing, it's easy to leave the approved scope

if you cant solve most boxes yet, then you should probably learn to solve a few of them while learning other subjcts related to web application hacking like burp suite, how the web works, http in detail, what each response code means, etc etc

Or.. keep doing it until someone turns you inside out for educational reasons

trying to bypass a firewall is definitely not the first thing you need to learn if you get acquaintedwith tools

Yeah but that is what i am doing ! And at the moment ...i learn that there are Firewalls blocking my requests ...primarely 403 and 409 🙂

dont think those are firewalls

because you are trying to access something you are not allowed to

hence the 403 forbidden

you will come across this a lot on public sites, so you should probably learn a bit more on tryhackme before

If you are getting a 403 you are already past the firewall.

Do people here know how to use proto[expr:size] on tcpdump? Like in honestly idek wth a header byte is why am i learning this ?

The urge to help is real, but we can't help with illegal stuff.

just jumping way ahead.. but thats okay, we need people to warn others of cliffs, too

I get this guys. Lets say it was gray area ok 😉 But you guys are right ...i will stick to THM. But i learned something ! 403 is passed the FW

You know what, alright

yes i know, 403s come from the webserver configuration itself

Yeah i will practice a bit more then go for bughunting ! I just need more to play with....i feel this boxes are somewhat unreal ...even if they made complicated

Its the webserver telling you to keep your unwashed and unworthy hands off of stuff that outside connections are not meant to gaze upon in their heathenesss

Got it

there probably isn't even a firewall in sight

Who knows ...I will stop my exploration 🙂 Back to the lab it is

Sup guys and gals, quick question for ya. Im hosting my website on my apache server at home with a reverse proxy through cloudflare, but when I enter my public ip into my browser url, it still tries to direct me to my site on an unsecure connection. How to i remove my public ip from being searched?

Message says: This Connection is Untrusted
Go Back
The owner of “ip address”
has configured their
website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Did you install a TLS certificate for your web-server?

buy a server and host it on there, you cannot "remove" your pubic IP from being accessed if ports 80/443 are forwarded. apart from that you will need to configure your webserver correctly for SSL/TLS because right now your apache webserver serves HTTPS connections with a certificate that does not match the IP, so the browser throws a TLS error

obv not

What reverse proxy are you using? You probably need to config your server to redirect to HTTPS. If it's nginx, for example, you have to add a server rule for HTTP and redirect to HTTPS.

I have a tls cert pointing at my actual domain. Sorry i wasnt clear, my ip address tries to redirect to my actual domain but there is a cert mismatch with the ip and the domain

Ah, then that's the problem. Your TLS cert is generated only for your domain. This is a feature of TLS. If you want to stop serving on your public IP, just stop listening on port 80. You won't be able to hit your website on TLS on your IP, regardless.

Copy that, i have port forwarding on 443 only, not http. Am i allowed to post the domain here to see if you see anything with my domain tied to my ip? I just want to make sure im safe against ddos if someone was to do that lol

cloudflare doesn't require the ports be forwarded to be used as a proxy.

not what i was referring to

I'm not familiar with how a Cloudflare reverse proxy works. If it's through like SSH tunneling, or some other obfuscation method, it's probably not gonna expose your IP. I can help you check, but send the domain via DMs.

buy vps men

For sure, i appreciate it!

then buy domain

no host webserver on local machine

bad

they did

"on my apache server at home"

still a domain 😉 That what I was answering to ^^

I did buy one?

domain != vps

buy vps to install apache server on men

Cant argue there, yet still they bought a domain 😉

Honestly I never tried to reroute a dns record through a reverse proxy to my home network, so I can't comment on that.. and I want anyone to stop me if I ever try

no need to buy domain for local webserver if local webserver has local ip then custom domain/hostname can be used in windows or linux hosts file

but i dont think that what he want to do

just buy vps men

This is a good point. Is your Apache server at least running isolated from the rest of your network/system? @glacial pecan

Running through a docker container currently

There's been cases of container breakout, so at least try to run it in a VM or, ideally a separate machine. If you can afford a cheap managed switch, set up a VLAN for your server.

Definitely, ill do one of those to segment it. Thanks!

They have regular proxy, but they also have some proxy tunnel tool that you can use without port forwarding.

Hm...can anyone tell me from where to learn AD?

Microsft Website

https://learn.microsoft.com/en-us/training/paths/active-directory-domain-services/

Hey guys can anyone say how can i get private indicator on TrandingView?

On what?

"TradingView"?

TrandingView

Yes

You are on the wrong server here

And no, I am not giving you a different server

👍🏽

@past bone
We do not assist with account recovery here.
Contact the platform itself for support.
Be careful of scammers. #📢・announcement message

@woven anvil 👍🏾

@woven anvil do you remember when I talked to you about laptops?

About buying one?

@woven anvil you here?

just ask the question...

I found new laptop the specs are

Lenovo thinkbook g2 itl
11 Gen
IPS
M2 SSD
512 GB
DDR4
1920×1080 (FHD)
Intel Core i5
2.40 GHz
16 GB
Are these is this better?

which cpu exactly

I5 1135G7

2.4GHz up to 4.2GHz

If it is comparable in price to the other two, and the hard drive can be upgraded later on, I would choose this one

no I was looking at the threads, not frequency

Alr thanks

It's cheap comes with 3 month warranty

im trying to switch my ChromeOS to linux and im wondering what linux operator i should download

its on my laptop

Does your Chromebook support linux?

yes im in the trial mode rn w linux

"Trial Mode", no idea what that means - but alright. You asked about "Linux Operator", and that's not a term I reconize. Do you mean linux distro?

Like.. Ubuntu/Mint/Fedora?

ubuntu or mint would be simple options

yes

okay thankyou

also chromeOS IS linux, Gentoo specifically

How can I go from backend developer to devsecops?

someone has asked this question before
https://www.reddit.com/r/devsecops/comments/1iwyvv3/what_do_you_think_about_transitioning_from/

*ChromeOS has a heavily modified version of the linux kernel, like Android, but is not the same linux kernel we use in our generic linux OSes.

still linux

https://wiki.gentoo.org/wiki/Lenovo_ThinkBook_15_G2_ITL

Hi is Professor Messer the best free way to grind security+ & retain the information ?

Can't speak to your retainment, but I think he gives a pretty thorough overview

What combo should I do in order to learn supplementing professor messer ?

Depends on your preference. I've always mostly relied on the official material and only supplemented it with videos.

I'm new here. I need help. Where can I start or what resources can I use to make my internet interactions safer and also limit my presence in general on the internet. Thanks for any suggestions and I hope I asked that correctly.

Like the official e-books

No

This is not the kinda conversation we’re having here

Why would you ask that lmfao

You’d be surprised how many people join and just say “how do I hack an insta account”

no bueno man lol

https://tenor.com/view/for-what-purpose-scott-forrester-fbi-international-to-what-end-for-what-intention-gif-26202898

😹

It depends on every single person, I’d say the most common amount is somewhere between 2-5

Anyone know of Any good free courses on kali linux ? 2024-present

Did I say that?

you heard of multitasking?
I can do 2 things at the same time

What if its the same usb. Does it read it as a different every time 🤯 lol im just asking i dunno anything about anything. What if its a datablocker attached to it will it register?

Not near a computer so cant tell you

😓 oof

I keep a usb hub attached so i wonder how it reads

im interested in learning kali and im installing it with windows on the same ssd, how much storage should i allocate to it? also which metapackage should i get?

I think 80gb been a while. Been studying from otw book but there’s so many videos I don’t know what to watch

Im not the most graceful. I’ll pull it out them plug it in sevral times toncheck if its working 🤣

Some dont read /register properly

Especially some from amazon but the ones form temu work like a charm

Lol

Giving me some homework lol imma have to check in the morning

what is hacking

From siri: A security hacker or security researcher is someone who explores methods for breaching or bypassing defenses and exploiting weaknesses in a computer system or network.

“From Siri”

Stop right there broski

im currently working in breakfix it i got my security plus cert i dont know what roles and skills i should be acquiring and if i should add that to my resume?

?

@swift badge
Please read our #👥・info and #📜・rules
No asking for unethical things here.

@tired python
Its just regular windows terminal, and don't post videos like this here.

thanks

so sorry abhout that

wont happen again

hey people
just joined the server
i am a cyber security enthusiast and want to secure a job in the domain
but i just have foundational knowledge in the field and as you know fresher hiring is 0 to none
would like your help in learning and securing a role
open to suggestions and help

Wassup with y'all guys I'm new here and I got zero knowledge of cyber security and I was looking to see if anybody would be willing to school and teach me I would appreciate it thanks

Here are some resources for you to checkout #👥・new-member-guide #📜・certs-and-career .

We dont really mentor one to one.But we can give you the resources and guidance needed.Start here #👥・new-member-guide and also the #📜・certs-and-career and #💕・free-resources would be helpful to.

Thanks I really appreciate the help

thanks

hii

anyone knows abot pwn.collage website

Is there a followup question to it?

brooo,where i can learn real hacking stuffs

We like to direct to #👥・new-member-guide
"Real life hacking stuff" is probably a misconception, cause in order to be able to, you gotta have the basic theory and practice down and have to be able to see and understand what your situation is

If hacking/pentesting can be described as "You can safely assume that you know infrastructure, networks, operating systems and their real world configuration better, than the people that administrate and secure them for a living", then you have to go through the whole thing.. gonna take long years to get there

This isn't a "I saw that tool on youtube, now I am hacking"-situation ^^

Okk bro

Really not your bro

how do i hide that im using vpn from my isp??

you typically don't

But why would you want to anyway?

privacy ig

Well chances are you are not going to.. cause if all your connections go "through" the ISP connection to "the same server" then there is no way you are going to hide that

your privacy comes from the isp not seeing which sites you visit.. not that you are hiding from them that they don't see it

i looked up online and came up with "Obfuscation" but i dont know much about so i asked

There are other techniques, like letting your computer open up all kinds of connections so that the ones you do initiate do not show up as prominent, but that's really just wishful thinking if you want to use a vpn

ohh too much hassle

thanks anyway

why dont I have access to some server channels?

need to reach lvl 1 on the server first

Chat a bit in #💬・old-gen-chat

oh okay, thanks

Hi ! Sorry if the question's already been asked but

How can i hack my X account back.

I want to grow my yt and i've put a lot of work in my X
Only to fall victim to a combo list

Forget about the whole concept of "hacking back" - you are not going to and we are not helping you #📜・rules
You may though now get DMs from scammers targetting the gullible

contact the support of the service you have problems at

I've BEEN trying to contact X support
They just turn a blind eye on me

And the answer you gave me implies that ot is possible right ?

Would appreciate it though if you report people trying to scam you now via #📩┃ticket

If that is what you heard me saying, then that is in your brain, not in what I said.

Bottom line is - we are not helping you

The key word here is "implying" not saying

I'll see if i get any dms of that nature thanks for looking out

This isn't your account. It is twitters account, you make a claim on that they apparently do not agree with, or else their support would be the place you have to go to.

You asking for help "hacking it back" is the same level of nutjob thinking as if you go up to a random guy with a hammer on the street and ask them to break into the local bank cause you have an account there with your money and they bank isn't giving you the money.. so would they be so kind as to "break into the bank, and only get your own money out?"

Lmao i get your point

However
All of this does not change my point, like i said , the answer you gave me I M P L I E S that hacking back is , in fact , possible

That's what i was trying to get at

You not beeing Willing to help me is an entirely different subject matter pal

you totally realize that what you are asking for is still highly illegal, and that discord is a public forum that monitors everything you do and say, right? Just making sure

they even let you request a copy of what is saved about you

I have effectively been locked out of my account
I know that you should only assume internet People are ill intent
But im of good faith

Well, hacking isn't even legal to Begin with

Is that so

If it was the only concern, the discord wouldn't be

Hacking is entirely legal, if done within legal consent of all parties involved. That is what half of cybersecurity and pentesting is about - a billion dollar industry

And that is why we draw a sharp line

It is, in fact, legal under certain circumstances and that is what the rules allow here. I’d listen to @whole patio if I were you, before the mods snipe you.

Yeah , and Killing is entirely legal if all parties agree

Let's say you're right
Which, i dont even contradict

Your formulation is quite lousy AND you are condescending for nothing. Thats not really palatable of you

But anyways

My formulation is precise - its just that you don't want to hear the core message "we don't help you" and seem to still think this is a point up for debate

No need to argue, i got you, this is not the place to ask for this kind of help

Please don't take my explanations as arguments

I am just trying to let you know your situation

I've BEEN saying that it was not the matter at hand
My question was then to know if it was possible
Not trying to know if you would help me, which you gave me early on answer to both questions , im not dense

Tell you what.. wait for someone to DM you, ask for payment upfront, and see if they deliver

Not trying to get anything else from you
And yeah, your formulations are lousy + reading comprehension needs a bit of work

Here we go with an other subject : scam

Which i already adressed

We are arguing semantics here.. twitter accounts have been hacked in the past, credentials have been leaked... this isnt about an "is it possible, thats ALL I ask" - its about is anyone going to do it for you - and the answer is no

your questions comes up about 4-8 times per day on this server

we know what you want, we know what you get, the only thing that needs to be seen is whether you come again complaining that an account on this server took your money and is now ghosting you

Yh sémantics was my whole point when i said : lousy formulation

Can you help me : you're not going to
Is it possible : yes it is, but we're not going to

That's it THATS IT lmaoooo damn dont be so sensitive over such simple enquiries

My question comes often : yeah i apologised upfront for the potential repost of the question

You are going to get scam : i'll report any scam attent if i see any

damn, NO NEED TO BE MEAN WTF , this should have been a fairly simple exchange.

Buddy, you went there when you tried to argue "Oh yeah I get all that, but still - "is it possible?"
Im neither sensitive nor mad here - I will have forgotten your name and this interaction tomorrow

Me too

I "try" to give people context and information about the reason why they are not getting help - some appreciate it, some get mad

Its just what it is

Which you didnt lmaaoooo

You first said : no , fuck off
BEFORE giving any context or info

Ppl never get mad for guidance

They do get mad when said guidance is out of order

4 or 6 message in before i get a somewhat helpful analogy
Another 3 before i effictively learn that this is a frequent topic
WHICH i apologize first for not knowing

Like you said
I'll forget you and this server in about 1 hour

Still you have some work to do on the way you handle things man

Probably should take this out of #👥・help-me by now

Can somoene help me where should i start this whole cyber thing?

#👥・new-member-guide is a good starting point

So i just go to blue team and start from there and then will go to bottom?

just take a look - not everyone starts with the same starting point, so it is meant as a more general offer if resources. If you know you have specific ambitions, there are more specific channels on this server

Okay will do thanks

What app or site can I use to learn programming and shell scripting from scratch cause I'm a newbie doing data science

I suggest freecodecamp it's web based

I'm new in the cybersecurity field and I'm trying to learn how to use wireshark for investigations and packet analysis. Currently I'm doing exercises on malware analysis net but I find myself short of information and commands to use to look for specific things I'm tasked to find. Kindly point me to any resources that could be helpful.

One more day and I'm finally gonna get laptop

which one

I need help and advice. My boss got hacked by an ex employee, he planned this for quite long as it seems, we don’t know how he keeps getting in. We believe he set up Apple Business Manager, ninja one and other back doors. I need someone to talk to and get a clear picture of what is happening and advice

contact an incident responce team

nobody here can help you with something like that

Get an incident responder involved. If it's a rogue former employee, you also probably want the police involved.

Do you guys have any good resources of how to understand hacking and be more effective on it especially on hackthebox labs?? I have done most fundamentals in hackthebox academy that are very necessary but I cant still understand what to do.. for example I nmap, see port 21 ftp and I dont know what to do next.. do you guys have good resources? Like youtube or textbooks?

https://tryhackme.com/hacktivities

i think you should go through one of these paths first

before hackthebox?

Guys I need help on cybersecurity videos for starter

yeah

john hammond is good, hackersploit also

Thanks bro

Can you kindly share with me some server where I can get updates and materials from

This server

here

john hammond also has a discord server in his youtube

but i dotnt know what the link is you will have to look yourself

MDM installed on iPhone and macOS by attacker, contacted apple they can’t don’t nothing how can I get rid of it

https://www.reddit.com/r/iphone/comments/1lm8bpg/remove_iphone_from_mdm/
https://discussions.apple.com/thread/254748177?sortBy=rank

apple can do something btw, book a genius appointment at your local apple store if you're unable to remove it

I’m testing for a container escape and occasionally get unexpected privilege escalation, but only under heavy load. Seccomp and AppArmor are enabled and I can’t find a clear kernel exploit. Anyone know anything?

Yeah I’m not gonna lie I’d go get a new phone 😂

That’s the thing I did but whenever I get a brand new phone it get registered and automatically enrolled into MDM which I’m not sure if it’s apple or ninja one maybe. Mind you we don’t have a MDM system here

Turn on lockdown mode

They can’t install it with lockdown mode enabled

thats bullshit

It was done by an ex employee and he had access everywhere

there is zero chance that after buying a brand new phone it automatically gets registered to an MDM profile

you are essentially claiming that the entirety of Apple's iPhone and Mac stock is backdoored by one singular attacker

this is not true

It is

They are enrolled into entra ID and auto enrolled into MDM

if you find proof of this which you wont because it didnt happen

go to citizen lab

and report it

lockdown mode prevents any profiles from being installed

apart from that, book an appointment with an Apple Genius, they will be able to remove it

?

not much info there to help you, what container? docker? custom one? VMware? what do you mean by "under heavy load"?, and if seccomp and apparmor are both enabled, then obviously you wont find any "clear" kernel exploit, this is not an easy game

so basicially if you get a new iphone and turn on lockdown mode before you give your employer the number they wont be able to install or enroll it in mdm

he doesnt have mdm profiles in his company im pretty sure he mentioned

"Mind you we don’t have a MDM system here"

my bad i misread

furthermore you'd get fired for doing that

it works for adversaries as well

It’s a Docker container running on Ubuntu 24.04. By heavy load, I mean multiple parallel processes hitting syscalls simultaneously, not huge traffic.

so its not exactly a mature exploit

i would go and do a fuckton more research and study into linux kernel exploitation, binary exploitation, and reverse engineering overall

hello, i'm new to pentesting and im kinda stuck with setting up a vm network on vmware
im following the steps mentioned in the book "penetration testing - a hands on introduction to hacking", and it mentions creating a bridged network. i did that, but for some reason my vm is not connecting to the internet. its not recieving any DHCP packets, its not being assigned an ip and chatgpt is making a mess. id really appreciate any help which can solve this and can setup the vm network

Yeah, I’ve already done a fuckton of research into Linux kernel exploitation, binary exploitation, and reverse engineering overall. I’ve read the docs, studied similar exploits, tested tons of scenarios. I still can’t figure out why this keeps happening under load.

Surely someone knows something in here

try NAT

Dude why are you letting ai talk for you

This question makes no sense

yeah, no, i wouldnt have high hopes on that

especially on those subjects

Also why do you need a lpe vector exactly

you would need to debug it using GDB or something similar to find out why, but no, nobody can help you with the information you have given us

you gave no context, no list of what you tried, no screenshots, no logs, nothing. you just asked "why kernel exploit no work"
therefore nobody can help you

will it have any major difference/impact as compared to bridging in pentesting? since im sending out traffic from my host pc instead of the vms now

u will be sending traffic from ur vm

just sharing the internet connection

ohh okay

no major difference i run NAT and analyse malware all the time

thanks ill try doing that

it works now (for the one machine at least, ill be setting up others as well), thanks a lot :)

Here is a very simple explanation of what you have to do in Android Application Penetration Testing:
👉 What is this project?
It means checking Android apps for security problems like hackers do (but legally and ethically).

Can someone help me

Ask

Oh

No idea

Did you research?

Hello, is there anyone here who can help me?

State your problem

I don't have a problem, I just have a question about issues related to this field, preferably from someone who has income from this field

Just ask the question

I wanted to ask the people who are studying in this field, how much income can they earn online at the same time with basic skills?

Basic skills will get you nowhere

Specialize in something

Do you love this field or do you come here for money?

I came here for advice, I don't know English, my skills are not enough to earn money, I live in the Middle East and I intend to emigrate, I wanted to ask about job and education.

Well, then focus on learning skills first

If you feel like you are capable, then you can think of earning money,

If you want easy money, there are always some other CS fields like AI or Data Science

It is true, but these issues are vital for me, I need to know how much money a security student earns, how he earns money online, I need to know what things are necessary to reach the level of earning money online, and whether the income is enough for life or not? Actually, my questions are not technical, but they are related to life around this field.

It would be great if I could talk to someone at this level in private

@steady palm

He is more experienced

@steady palm maybe you can take it from here when youre free

I'm sorry, I didn't understand

He can help you with this

I understand, how can I message them?

He will reply here

PS: Any statements I make are not meant to be political.

Currently the Middle East job market isn’t the best, maybe a business could stand out or if you follow trends, all comes down to how much money you have, and if you want to get a job in middle east UAE is a good choice for tech and health industries where as outside middle east, germany, Spain and south korea are good picks.

حاليًا سوق العمل في الشرق الأوسط ليس في أفضل حالاته، ربما يمكن لمشروع تجاري أن يبرز أو إذا اتبعت الاتجاهات، فالأمر كله يعتمد على مقدار المال الذي لديك، وإذا كنت تريد الحصول على وظيفة في الشرق الأوسط فالإمارات خيار جيد لقطاعات التكنولوجيا والصحة، أما خارج الشرق الأوسط فألمانيا وإسبانيا وكوريا الجنوبية خيارات جيدة.

Jeez that took a while to write without offending anyone.

Is any other language allowed in this server..

👀

English is preferred but the main goal is to help people.

Unnecessarily, no.

I understand, look, I intend to immigrate, through this field, maybe a scholarship or maybe immigration, but I want to know more about earning income and the amount of income, the amount of skills required and a few other things, can you help me?

Go to ChatGPT, select Deep Research, and explain your situation there. If you don’t get anything helpful from it, then leave a message here.

روح إلى شات جي بي تي، اختر البحث المتعمق، واشرح وضعك هناك. وإذا ما حصلت على شيء مفيد من هناك، اترك رسالة هنا.

If chatgpt could answer me, it would not guide me to come here, in any case, thank you

And ،I don't speak Arabic

That kinda makes it epic 😉

I'm afraid I can't answer your question either though

Asking to stick to one language is usually done to not force mods to use online translation - and multiple times if multiple mods see it and every single one thinks they might be the first one seeing it

@karmic leaf It seems like its sorted?

Not exactly.. seems like his english isnt that good and wants a real persons advice, if you have a bit of knowledge about job markets abroad then let him know.

also in short he is from the middle east and wants to emigrate and go somewhere outside for a job.

If youre free then lend em a hand

Any polish here ?

@peak chasm Here’s what i can tell you about the industry:
Entry-level roles in the Middle East usually pay $30k–$50k USD annually.
Online, bug bounties are inconsistent, you might make $0 for months and then hit a $5,000 payout in a single day.
Join platforms like HackerOne, Intigriti or Bugcrowd. You find security flaws, report them ethically, and get paid.
Master Networking, Web Architecture, and Scripting. More importantly, you need the grit to keep going when you find nothing for weeks.
If you're earning USD, you can live very well in your region. But treat it as a side job until your skills are elite.
Focus on mastery first, the money follows the skill.

The cybersec job market in general pays well but is heavily experience and qualification dependant. So is it worth a while path to follow, Definitely. But, get the right certs and put in the work. check out the #📜・certs-and-career channel. Hopefully this helps.

Guys I am beginner and at 1yr of my college if u can recommend me yt channel where I can learn from about cyber security

how much money a security student earns = nothing, they are a student, they study, they dont work (unless you are in the UK and are doing an apprenticeship which i dont think you live there)
how he earns money online = depends if they have any skillset (bug bounty, coding, web development etc) that they can sell as a service to online customers
what things are necessary to reach the level of earning money online = skills in a specific online niche subject (like ones mentioned above), and the ability to communicate and market those skills to potential customers on online forums, discord servers, telegram channels, etc etc
whether the income is enough for life or not? = depends how good of a cyber job position you get, and or depends on how many customers you get from providing your online services, and how frequent that is

hackersploit and john hammond

can anyone help me with a site with hand-on labs for linux

To answer yesterdays question. Windows cannot find Hkey_local_ machine\system\current control set\ENUM\USB.

🤯☠️

On my pc anyway

Messgaes were deleted so 🤷‍♂️

can you lead me to linix labs i can practice

Practice what? You can just spin up linu VMs yourself, if this is just you trying to get familiar with it

yes im not great im learning i just wanted somewhere i can linux

anyone help

Install linux inside a virtual machine - they all have guides for that

and you can play around with it to your hearts content

okay thank you so so much

With parallelism on nmap and using the rate for example --min-rate 1000 --max-parallelism 5

With parallelism on nmap and using the rate for example --min-rate 1000 --max-parallelism 5 whats the difference between these two? tryhackme didnt really explain it well to be???

min-rate is minimum packets per second
max-parallelism is the most probes it can run simultaneously

https://nmap.org/book/man-performance.html

i see

ill read it now

honestly unless you're troubleshooting or really need to tune it's easiest to just use the -T# timing options

TryHackMe has awful info sometimes

ye

I just wanna learn all i can tbh

no, and asking for that is against the rules. just ask your question here

hi guys,
I have enabled my Atheros UB91 on Monitor Mode,
i'm currently trying to run the following command airodump-ng --band abg wlan0 and I'm only getting outputs about my local networks.