#👥・help-me

Hi everyone, I’m trying to break into cybersecurity properly and could use some advice from people already in the field. I’ve done some real Microsoft 365 security work recently and now I’m figuring out my next steps but feel lost

I don’t know if anyone would be willing to give me some advice or tips

Tried but did not help, still no flag triggered

If the alert fires but the challenge isn’t marked as solved in the scoreboard then it might not be the exact vector the room expects

some DOM XSS tasks require triggering it in a very specific context

I am not really in the cyber field, rather IT, but I am gradually building knowledge to do pentesting one day, and offensive security in general. You wanna work on the Blue Team in SOC being like Security Analyst or?

Yeah man I’m leaning more towards the blue team side and cloud security or ai security which im still just experimenting with to see if it’s worth it fr

I search more and got the flag. I understood what Juice Shop wanted. The correct payload is <iframe src="javascript:alert(xss)"> While I was trying ' around xss, it should be `

Thanks for the help @woven hazel

Yeah, with DOM XSS the exact context matters a lot

yw fam, Glad you figured out what Juice Shop was expecting

I would suggest than focusing on THM and HTB Blue Team certification with HTB being the stronger and more indepth choice. But you can study on both platforms in in parallel

Appreciate that, I’ve actually been strengthening KQL and cloud security but I agree I probably need more structured blue team lab exposure. I’ll look into the HTB pathway properly. Have you found it helped you in interviews?

I am still learning into my first certifications there. The IT job I am doing did not really relate to cyber, but for sure many concepts overlap so I would say these platforms are also great for general IT and OS / Networks / Web knowledge

I believe you will find rooms on KQL on those platforms

Currently I only hold CC from ISC2 and Google Cyber Security in terms of certifications. But I am supposed to take CJCA and CWES on HTB before August and PT1 on THM before December this year.

Appreciate that I agree there’s a lot of overlap between IT and cyber and I probably need more structured blue team exposure I’ve done hands-on defensive work in M365 already, but I want to formalise my foundations properly. I’ll look deeper into HTB’s pathway and see how it complements my KQL and cloud focus but how are you finding the studying aspect of it

Like sometimes I get really burnt out

If you want to learn specifically KQL, you can have a look at https://academy.bluraven.io/

https://letsdefend.io/
And well that's the usual blue team material

This is golden thank you😭

idk abt that man :((

which is best vpn for backing

mullvad

best vpn overall

how about best free vpn

would that be proton?

You don't need a VPN if you are hacking legally

probably

Got it, Thanks

Anyone got the feeling of wanting to program but dont wanna program? like you know how it's logic works but you want to understand it more deeply of how that logic thing works from within and within and within and so on

Same, and I am quite often just lazy to progress...

bro theres no good vpn for free for illegal shit

how exactly do you think free vpn services finance themselves here

trying to get into cybersecurity pentesting, is tryhackme a good resource?

Yes

free users

What - you believe they finance themselves by people who are not paying anything?

and by asking for "the best" free service.. as in I assume the best service and bandwidth.. what do you think they finance that with?

Honestly and 100% want you to think about that

You seriously dont think they keep records?

Data about the users becomes valuable.

long, long ago we made jokes about how clever it would be for law enforcement to offer free vpn services and let the nefarious people come to them.. not a lot has changed since then

any good suggestion for a newbie into cybersec

The usual advice is to start here #👥・new-member-guide

kk tnks

good thinking

im js tryna get into com

Unless you are trying to do something illegal, you don't need a VPN service

💔💔

Can someone please please tell me cheap options for laptop/pc which support pytorch?

https://www.geeksforgeeks.org/python/pytorch-system-requirements/#hardware-requirements-for-pytorch any that meets the requirements

I'll check it out thankyou!

what are the most important steps to protect privacy and address while hacking

Which type of "hacking"?

like trapping

Ooooo like unethical stuff?

yea

https://tenor.com/view/don't-do-that-don't-stop-stop-it-john-oliver-gif-12256614430623181140

Let me point you at a great resource for that -------> #📜・rules

goody 2 shoes

i meant im just trying to stay undetected when im bug bounty hunting

Oh, if thats the case, then make sure you read our #👥・info as well.
I'll give you some time.

I need an cloud device to run 24*7 but i aint gonna pay any suggestions? Or a vps

Free ways

there isnt any service like this out there apart from google cloud or azure servers

which dont give you full access

very limited with what you can do with them

@sacred plume You can use Utho.com cloud service provider

pretty sure they're not free lol

not sure why you suggested that

yep, if a service is free, then you are the product

Oracle terminated their free server pretty quick anyway, once you did not pay

do you have root access and is the server accessible from the public internet?

How do I find my old password on account I lost

hm fair

@plucky ferry Deploy your own compute using Proxmox

Probably won't

not in the cloud, not publicly accessible, not ideal

They just told me that they stop providing it

@plucky ferry One can deploy Proxmox in their Home Network and in given sepecific safety precautions can use it anywhere

disagree a bit here though. "need" no, but i vpn most all my traffic so isp isn't tracking everything

not ideal for cloud infrastructure or your home network

what is "trapping"?

So do I - but he asked especially "for hacking"

@plucky ferry what's ideal then ??

@plucky ferry show me the torch

for cloud infra

buying a cloud server

lol

@plucky ferry THat cost you dummy

Yeah it was one of those "always free" offers

obviously, if you want HQ hardware and actual infra you can use, you gotta pay

nothing good is free

go get a job

@sacred plume he said specifically he don't want to pay

But whether they want/can/will doesn't change the situation

and i have already given other options so did @turbid glacier

@plucky ferry what i suggested was Real Life senario which he can actually deploy maintain and use for free

read

read

often good practice to keep it on anyway for that imo. even if you're doing something completely legal, it's still possible you might piss off a corp that goes after you. no reason to give them free ammo.

and if going into ethical offsec, it's good to build cognizance of opsec around your activities

but yeah i would not recommend using free vpns 99.9% of the time

That is really not their situation as they described it

Thanks for your suggestion unlike some idiotics who knows how to make fun only

good for illegal case and for legal case 🤷‍♂️ only time i'd say it's better to not use one is if all your exits are flagged and vpn detection changes target behavior

If one has an agreed upon scope, and needs to know what IPs the scans are coming from to ensure that things are getting testing properly, then you would not want a VPN.

If you are working for a company, then you might also not want information going through a third-party exit node provided by "some random company". There are many reasons to both use and not use VPN in the professional sense.

undetected or unidentified?

Please search up what they are asking for in google to understand the intent, and believe me when I say that we should stop talking about it. It is a dead question in this context.

I would say THEN you would use a VPN

i'd agree with that in the case where IP whitelisting is needed, i had to do that for a sensitive test once. that message was more addressing bug bounty context where there's no existing relationship

ah i didn't understand "trapping" in this context but get it now. scumbags 🙄

Can I get a recommendation for a very strong vpn

whats your budget

mullvad pretty solid

Can I get I on play store

no idea

Trust me, I love VPNs and networking. 😛

@frozen girder
Read the #📜・rules

Waaaaaat?
There are.. RULES????

both

You really have not the slightest clue what you talk about, have you

💔

Can someone help me get more likes on my insta comment I need to win for giveaway

🛸 👽

bro kinda wild that you just straight up said you want to do unethical things earlier

need help getting acc back

Contact the service for account recovery help we do not help with that here

I've try that and haven't got my acc back

That’s unfortunate but it doesn’t change the fact that we do not help with account recovery here.

Hi, I am about to get kicked out of one program that gave me 9k in aid cz i had a missing monthly payment. I am looking for small projects.

I ship insanely fast without quality loss. Plz help.

I could send my portfolio if you could plz dm me

#📜・rules there is also no self-promotion permitted in the server

We especially do not deal in account recovery here, for obvious reasons.

Might get DMed by scammers now

Hey guys can anyone help me with a name of software I can use to track down my lost IOS phone

Easy. You can't

Unless you have set up software beforehand

Then how do the pops track phone when they are stolen

You mean police? They usually don't. If they do, it's not simply a tool.

You can use "Find My" search for it on the iCloud and log in, it will show you last known location

Apple loves to know where its stuff is

That's the part with "unless you've set it up beforehand". Won't do you any good though, if someone found it

If it's off or reset, you're probs SOL

And yes, I mean, depending on where you are, law enforcement probably won't help any way so I completely agree that if it's stolen you probably won't get it back without buying it back

There was a whole thing in the US where some lady tracked her "lost" luggage to a shipping container at a port and the police still wouldn't let her get it, it just got shipped overseas

Still surprised the stuff isn't inside some faraday bags

Apparently not necessary

So just a quick question, im not that great with all this stuff but my mother is a little worried, and I feel a little bad I cant answer her question. I cant send images on here and I dont know if im allowed to do this but can I dm someone? Its about multiple WiFi names I dont really understand 😓😓

No need for images, you can drop the question here

Don't worry

My bad if I sound a tad dumb by saying this, but my mother's saying she lives in a newbuild area, no other occupants in the house except 1 neighbour

She's seeing all these same wifi points?

And they all start with the same 'STL'

And shes just worrying if hes trying to get her to connect to something accidentally to do something malicious

Like I think it'd be a bit easier to send an image 😂😂

Bit confusing to say it like this

@woven hazel

She only lives near 1 other person

haha no worries, it makes sense

What she's seeing is probably just multiple access points from the same ISP/router brand, they usualy name SSIDs the same way in an area

banksy
stlvep3a
stlvep3a (5 ghz)
stllf93r
stlmem7y
stl47a9j_ext
stllf93r (5 ghz)
stlfrmy7 5ghz
stlmem7y (5 ghz)

Some devices can spawn a great number of SSID, wouldn't worry about it

Banksy is her mobile data ))

as long as your mom connects to the one she knows and uses the correct password, she should be fine, nothing malicious in just seeing those names

Okay, thank you so much

🙏🙏

yw, if you get worried about anything else drop it

How would I like

Explain to her hes not trying to 'hack' her or anything?

Not sure if hack is the right word lmao

I was looking into doing this with an ESP32, lol

You could tell her something like: “those Wifi names you see are just the default names from the ISP or router brand, seeing them doesn’t mean anyone is trying to access your network"

Thanks, I really appreciate it

Thank god for the reel I came across about this server too 😂

So i'm doing the beginner path on THM and i wanted to ask if it would make sense to do the Sec0 Cert. or if it would just be a waste of Money?

it's brand new and intended for absolute beginners, so there's probably not much value in having it.

Soc0 is a beginner cert, and the knowledge it gives can be taken from other free sources, so if you are in doubt then I would say do not pay it, look what content it gives and just google it and read it from alternative sources
But if you want a structured learning, which is fair because different people have different learning patterns, then sure pay the cert, it is worth if it can give you a push start 🫡

how much does it cost?

57€

then yeah agree with @slow edge seems more about whether you want to pay for their training structure

the cert itself is unlikely to provide any value to you

ok

tysm :)❤️

Can someone help me with this please, I want to practice my AD hacking skills by setting up the lab with VM however since every single article or video all about setting up windows server 2019 along with window 10 which has been terminated by Microsoft, should I still follor them or not?

what Cert. would you say would be a good one to start with?

Follow them. Then later do it again and don't follow them

2019 will be getting security updates til 2029, so it will still be in use in lots of places

hi

What I am concerning at the moment is the window 10

best way to choose certs is to look at job ads for the kind of roles you want and see what they're asking for

Do it with win 10. Then again with win 11...

or do both at once so you can see how they look different in AD

so i'm not old enough to have a proper job... or do you mean i sould just look what people get in the sector of jobs that i want to do?

bloodhound found me an active win7 box during a pentest last year lol

You are asking whether a cert is "worth it". That depends. Checking which certs employers are looking for in your region is a good indicator

if you want to get a cert to later put on your resume, then yeah look at jobs you think you might want to do, and see what certs they mention

The one people usually look out for might be expansive

if you just want to build skills in a particular subject, then training for certs isn't the only way to do that, and it's probably the most expensive

i know 🙁

so now im just doing the free paths on THM and having a look in the Kali (Pen-103?) course from offsec

my "dream" would be working in the red team area

And their dream colleague would be a very experienced person with multiple indepth skills

hadn't heard of pen-103 / KLCP before. might could be useful i guess but i definitely wouldn't pay for it

also remember that it's totally ok to just go off and explore whatever interests you independently from platforms like that

im not payin 250€ for that...

It's the default free "this is kali" course. Probably irrelevant to you

you're a hacker, you don't have to follow the existing paths :)

it's a pretty fun job

tbh i kinda dislike how newbies all get pushed / gravitate to kali now

i heard that and i like computers so thats why i wantet to do that and i like hacking

blowing up your linux install trying to install janky tools is a great learning experience

Why? would you say its "bad"?

"Now"?

Kali is the industry standard

im not that long in the bubble and leard about kali like 3 weeks ago so...

i wouldn't say "bad" necessarily. but i think for many just starting out it can instill the wrong mindset

You want to tie your identity to an operating system? Go ahead. You want a toolbox that just works. Go kali

now vs when i was first coming up yeah

Kali/backtrack is hardly new

what skills should i learn first? you have any tipps?

Networking and linux basics

for specific applications yeah. i used disposable kali vms frequently for red teaming and pen tests, but pretty much no one i know uses it as a primary system

im using windows 10 cause my cpu cant handle 11....

And why would they

but i like 10 more than 11

great opportunity to try out linux then

I mean, Kali as host os works fine, but it's not necessary. When I ran kali bare metal I still used kali VMs for everything

what linux os should i use? so not kali? ubuntu?

Really doesn't matter. Research, make your decision.

that goes to my earlier point. newbies often get started and immediately hear they need to get kali to hack. they usually don't get the full context of how it's used professionally, or why it might not be the best thing to learn on.

ok👍

i think this is exactly me...

I blame youtube ;}

i havent watched a single youtube tutorial...

for a daily driver common options are ubuntu and mint. there are a lot of distros to choose from though, you can look through options and see what sounds good

i saw the #📜・certs-and-career and saw the first cert

the klcp

and i sounded nice....

key thing to keep in mind is kali is just a pre-built toolbox. it can be super handy, but building mindset and fundamental knowledge is way more important than tools.

ok. so networking and linux first.. then i just finish the THM path almost done with networking 🙂

thank you guys for your help ❤️

no problem, feel free to ask here or ping me when you have more questions

thank you 🫶

can i send you a friend request?

sure

anyone know the best way to make a terminal emulator?

im thinking of making my own, but im not sure what language to start it in

what is an emulator?

could try looking up open source ones and see what they use and how they're written

look up e-DexUI, thats a great example

its basically just a terminal that looks better

your using the normal terminal, but you add some good visuals and stuff for it

ooooh

cool

literally all of them written in like Rust 😭

and they are all for something other then windows

it's a fun flashy toy but not a real choice for actual use

yeah

im just trying to broaden my horizon a little

ive made a couple of cool tools and just want to expand my knowldedge

i've heard cmder is good but never used it

if you just want the visuals then could probably write that and pipe commands to a real shell to handle them

thats what i was thinking

ive made a remote access tool before by just using a hidden powershell window to control the remote system

thinking i might just do the same thing and have a fancy GUI

hey so i dont know if this is unrelated but does anyone know of any non-kyc (identity verification etc) compliant crypto purchasing sites?

anyone here good at phishing?

why?

https://dontasktoask.com/

Phishing is generally frowned upon here #📜・rules

How can I hack u undetected

Hello guys
I'm kinda new here

Hi guys , I just took my first certificate its Google Fundamentals of Cybersecurity, which one should I do next ?

Yeah

welcome, check out #📜・rules and #👥・new-member-guide

Built a hacking copilot tool that automates a lot of the boring recon/scanning work. It's open source and still pretty rough around the edges, but the goal is to make it actually useful for bug bounties and CTFs

Would appreciate any feedback — what features would actually make you use something like this?

https://github.com/Boa-AI-Public/Cobra-Lite

My man, why do you want to impress a group of people with unwise hearts? Maybe you’d like to reconsider your goals?

i get the appeal of doing things you're not supposed to, especially as a kid

but like, there's a difference between breaking rules and hurting people

https://tenor.com/view/black-nerd-black-nerd-gif-26919340

Awww helll naaa

Nicely put ❤️

@thick wigeon
Please read our #👥・info and #📜・rules
This is not a place to self-promote a server.

Nah I didnt told like I just asked any suggestion to protect the server from attacks like any plugins installations or configurations I just asked suggestion I didnt given any server details or stuff Sorry If I have conveyed it in a wrong manner

Are you here to learn how to do it yourself? or are just looking for someone to do it for you?

The sheer number of people who advertise their "Hey I made a tool that can make AI do something that is relevant to your interest" lately is exhausting tbh

By default I assume those are vibe-coded slop machines, that pose more threat than help

Hi chat, how to stay motivated to code and program even if you feel burned out already?

No one is at the top of their game all the time, and we are not mere optimization functions with arms and legs. Feeling overwhelmed and having other priorities is a normal, healthy reaction to various things

Im learning things from this to reach my goal Sorry if the message is like some personal help or something

Take breaks.. do other stuff.. meet people.. use gnome as DE.. get some activity.. all part of it

If you want to have a security engine that can protect a gameserver, maybe look into making IPS rules for surricata, or crowdsec, or even fail2ban

fail2ban should be default

thanks for the info and sorry for asking personal help😅

Look into those, and find out what you actually want to use. If you have questions understanding how they work, you can ask about it. But the message made it seem you were looking for someone to do it for you, and this is a learning server. If its your server, then you gotta learn what is happening on it as well.

Yea I just asked like any one would help me in giving suggestion no any other intention

hello

quick question, what is a homelab?

I'm new to the tech space and hear alot about them

You build stuff at home. In the context of cybersecurity it usually means hosting infrastructure to experiment on. Quite often those are virtual machines

"I want to test this new attack vector, or tool" so I spin up a virtual environment where this tool would work

Or during development of tools.. check if it works

oh ok, so would it be something to start off learning cybersecurity with?

I have no idea where to start

There are several possible starting points. Getting familiarity with virtual machines is not a bad starting point.

Most people who seem lost at the beginning, are just directed to #👥・new-member-guide which keeps them busy for a long while, learning along the way what they could and should be more focussed on

alright, thanks for the help🙏

anytime

hey gusy

hello
chat's in here #💬・old-gen-chat

what is it bro?

wanna learn metasploit any reliable sources for studying?
i kinda have to do arp spoofing and dns spoofing with it

It has a rather extensive documentation

i didnt get u

Metasploit has documentation

I would suggest to look for it, and read it

ah okok

thank you

I’m looking for guidance and learning resources on three areas:

How do you objectively decide whether a laptop or desktop is the better choice for someone?

How do you confidently recommend a specific laptop based on a person’s use case?

When repairing a device, how do you accurately identify and source the correct genuine replacement parts?

I’ve been hesitant for years to upgrade my own devices because technology evolves so quickly. I often work around limitations instead of replacing hardware. However, the field I want to pursue requires familiarity with a wide range of software and hardware environments (including Linux and other major platforms), and I want to improve my decision-making confidence.

I’d appreciate insights from those with experience, especially regarding what I might be overlooking in my thinking process.

The first question has an easy answer: Do they need to do their computing from multiple locations? I travel from my house to my office, for example, and we don’t have assigned seating, so the only option for me is a laptop.

It makes a lot of sense why the first question is easy, much is appreciated! ❤️

For the replacement parts, Google is your friend. You can sometimes find data sheets that have that info, and some brands have services where you can lookup part numbers.

Other than that, your best bet is to open up the device and look at the part labels 🤷🏽‍♂️

I could see where I was overthinking with this part, again, thank you so much ❤️

The answer to all three questions is - Thinkpad

Every part has a replacement number and is readily available.. both original parts and offbrand parts.
Recommending a device.. well the question is what their use cases and requirements are.. the usual "I dunno.. everything? or for cyber, you know?" is those peoples problem.. they need to know what the device has to be capable of

yo what are the best programming languages to learn?

Hey guys, is anyone interested in enrolling in an OffSec certification? I’m considering forming a group (around 10 people) to split the full cost. Do you think that’s a good idea?

I'm talking abt this one https://www.offsec.com/products/learn-enterprise/ (not advertising so pls don't ban me)

every language has its own purpose

can u tell me pls

Well it depends on what are you into

i needa try learn a language that is good to hack computer

or make app

oh well, C, C++, Java or if you are a pervert u can try assembly

alr thanks bro

I know someone who codes in assembly. They are an interesting character to say the least

how to find the free courses in thm?

whats betterTHM or HTB

@whole patio could u pls help me in this situation?

umm anyone help

what's crackin chief?

pls read above msgs

just sign up for a free account and use whatever they let you. i like THM for beginners. HTB for more advanced after THM is easy for you.

Hey, I want to learn hacking from basics to expert level, some sources suggested me to take subscription of hack the box and try hack me, i am bit confused between these two resources, can someone please tell me which is best and efficient way of learning to expert level

ohh hmm

are u going to spend money or not?

is it enough?

not sure. i used the paid sub for both. i think it's worth it if you can afford it. but, regardless, something is better than nothing. use whatever resources you can ethically get your hands on.

hmm ...

so do u think thm worth the price?

100%

yes

ohh

because you get access to their learning pathways

so u improved alot?

nothing is off limits

yes. i got into the top 1%

wym

check this

this is free

idk whther this entire course is fre

e

thanks. but that looks sus af. lol i'll pass. thanks though bro

bro its not sus its called cisco acadamey

search on google

k, thanks

what lol

When you share links share them directly rather than a redirect from google search

ok

do u know about cisco acadmy?

I am

ohh nice.is the fluu course free?

What's fluu course?

Did u mean full?

yes sry

It's not free, some basics chapters are free to learn, but after that you need to pay

for the 70 hours ethical hacking course?

do i need to pay

I m ready to pay but I cant pay at both the sites simultaneously, I want to pay only for one which teaches from scratch to expert,

Yes

70 hours ethical hacking course?

but im already in intro cs ?

its free

I don't know exactly the duration tho

How

intro to cs?

In the try hack me?

nooo cisco

I didn't try it, wait lemme check

Could you share the link?

in the dashboard

scroll a littlebit

u can see alot of courses

I mean the ETHICAL HACKING course

The one with 70h right?

yes

So did u finish this course?

no is it free

@crimson harness
Is there a problem with just sharing the direct link to the resource instead of a google share?

Yeah it is indeed, did u complete it?

The thing I like about thm is the virtual box

Yeah that's what

thm is a monthly susbsricption right

So what's your opinion tho, if you would made up mind for purchasing either thm or htb?

*subscription

Annual is available too

bro my mom is afraid to purchase online stuff with her cc

Do both the free ones, then choose after

Umm, if you would had to buy, what would you do

thats the only prob I have 😭

THM has hundreds of free rooms

Already done mate

wym

does it conatin the virtual box

If u had to buy a subscription of either of these try hack me or hack the box, which would you choose

thm ig

So hack the box is average?

idk people say hack the box is not for beginners

super beginenrs

I would get a small PC to run a homelab to try the things i learned from those

I heard they say that to try hack me

idk thm is really cool

ive never used htb

Point, but not everyone can be you right?

Okay mate appreciate your opinion

I*

😇

Is there a way to locate a device using the imei?

Not really

at least not as a regular person. IMEI based tracking is something only mobile carriers and law enforcement can do

and even then it’s controlled and requires proper authorization

thank you

how could you track a lost device?

you don't

Hey guys, I could use some help

I’ve been scammed recently for a lot of money so I decided to try this

About a year now, somebody seemed to have hacked my network and mobile devices. They apparently sent me some sort of gaming virus from off the dark web and malware that if I try to get rid of it might be able to replicate itself on my devices.

They seem to be pretty sophisticated

If anybody knows anybody with a good heart, and that is legit, please let me know

Who no about flash coin or flash transfer that add to balance

big sad, but thank you for clarifying

Wipe the devices, install anew from installation mediums you got from different devices

If its a lost phone the best option is using official tools like "Find My" (Apple) or google’s Find My Device

If people ask how to track via an IMEI I safely assume this is not an options

Who knows how to bypass paywalls on apps or certain paid platforms

iCloud.com

First of all we are not teaching you with bypassing paywalls

and second

why would you want to bypass one

Just learning

Even “just learning” can cross legal lines

Check out the #📜・rules before making a question fam

Who can open lock binance my binance was lock

Help me solve this. The ctf event ended but i still dont understand how this is encoded.

This is the given statement,

"Cover your tracks because the GenZ are waving

YXMVVMN9MEV2o1G=VNEXcM=7j3AwQTdf"

Looks like layered encoding

The = padding strongly suggests Base64 but wait

this string is malformed, the = only appears in the end

Oh

It might be split Base64 segments

Guys I got a video Yall might want to see

Where do I post. Videos

Split base64? I'l try decoding it in b64 seperately then?

@nimble minnow Don't trust any dms fam

If we isolate the clean-looking part

YXMVVMN9MEV2o1G=

It reads unreadable values in b64

then VNEXcM= which also looks like base64

wait that’s actually a good sign

I see

that usually means: It’s binary data (not meant to be human-readable yet) or it’s another encoding layer or it’s XOR’d / encrypted

it often means “keep going”

@elder hemlock 23550$

@elder hemlock $23550

I am new still so i did xor with a script ai gave but still didn't work. Kept leading nowhere

next thing you should do is check the raw hex output of the decoded bytes

ow

Yea

😔

btw @lucid parcel is probably scamming you - we tell people not to be so darn gullible in one of the recent annoucements

XOR usually comes later. First make sure the Base64 is decoded properly, then remove internal = signs and decode the whole string as one padded blob and then inspect the raw bytes in hex before trying anything like XOR

Any channel - once you reach lvl 25

Okay

I’m in that try hack me thing and u guys might call me stupid but I’ve been stuck on task 4 of room one for ten minutes now trying and trying and I still don’t know what to put into the vm browser

Why tf is subnetting and the whole concept so hard

it does get confusing, but thats when we just fall back to the bigger concepts and take another run at it, you got this, dont give up

Is it really necessary for

Red teaming

thats ok to get stuck, try looking for some write ups to see whats out there

it will be a huge help.
i think everthing is a network in one way or another, even an isolated stand alone box has its own unique "network" within

Do u have any good gesource for learning subnetting

Resource

Like ip address classes are so so hard to understand ngl

use cisco packet tracer, it is good fun, you can visualise the network and they also have some labs you can do

I just finished an Information Technology Services post secondary course in school
Im planning to go back and take a Cybersecurity course
May I have some thoughts/opinion if its recommended?

tryhackme and hackthebox are good options

no. don't go into debt. just acquire hard skills via online platforms and homelab. my 2 cents

and network

with people in the community

that will get you the jobs

know your stuff on a practical level very well.

network here and maybe on linkedin if that's your jam. but don't become a shill. be strategic.

target your desired employers. don't cast a wide net

go all in

please i need some help learning cyber security

can any body help me 😢

#👥・new-member-guide

thanks bro🫡

but can ask u a little question

shoot. go for it

between the red and blue team which is more u know like good in the accept of making money out of it just asking to know🤔

cyber is not a field to make quick cash in. it's pretty much the opposite. most cyber pros are underpaid for what they do. if your heart is somewhere else, i recommend you follow that. if you love cyber, follow what interests you. that's my best advice.

apart from the money accept which is the best to focus on better red or blue i mean ur own option of adive

do you want to break in? or protect stuff?

cop or criminal? (neither is bad)

you'll know the answer. listen to that.

kind of interested in the two though

yeah

learn whichever one interests you the most first. for me, it was red team. then i learned blue after.

So I’m studying for my comptia a+ with Mike meyers does anyone know if his practice questions are close to what I will be asked on the exam ?

Meyers is great for content to study the material. however, for practice tests, use Jason Dion. he is more on target.

Thank you

Professor Messer is also a fantastic resource. but he sounds like a robot, so yeah. there's that, lol

Sounds good thank u

he has a youtube.

Alright
Thank you so much

I mean i need videos and practice test where I don’t need flash cards just where I can retake the practice test and know I’ll pass ya know

@chilly merlin

Dion and Messer have both. Same with Meyers. Either via their websites or on Udemy, etc.

I recommend Dion's practice exams from udemy

but read the Meyers book or watch his videos

Is that how you passed or ?

i studied A+ and Net+ but only took the Sec+ exam. For that one, I used the Sybex book by Gibson, and Dion's Udemy exams.

but i reckon they're good for A+, etc. too

i passed sec+ btw

I looked into it and noticed how Lenovo continue to make their products repairable which is really good. Thank you for making this suggestion was a fun little thing to research into

Question too let’s say I pass how easy is it to get a job ?

Like with just comptia a+ everywhere I see you need experience lol

have valuable skills to offer. unfortunately, business are very selfish and will only hire you if you have hands on skills prior to employment. balance your theory knowledge with practical labs like THM or setting up stuff at home.

Ahhh okay but as far as on resume how should it sound

market yourself the best you can, honestly. don't stretch the truth. it will be sad at first, because you have a lot to learn. but just state what you know already and can do, and that's pretty much it. there's no resume rules. if you're heavier on homelab/study, list that first, then experience. that's my personal opinion. many probably disagree.

try to sell yourself on paper the best you can. a resume is just a ticket to an interview where you can impress someone

Ahhh I like the way you put that

I lied to get into a technician job lol and I got it because I convinced them

But like not the technician I really wanna be lol

good job. you did the right thing. all job hunting is is convincing. hopefully, honestly so you can fullfill the deal when you land it

but a lot of people fly by the seat of their pants

that's good too

whatever works and suites yourself. i like to play things straight. best of luck.

good employers let you learn on the job

they just need you to have enough to not screw anything up. be careful, ask questions, listen carefully. that's my best advice.

just remember, honesty is always the best policy.

if you can't say "yes" to something, say "no, but ..." then elaborate on how you can learn and are eager to do it their way.

Thank you

Hey does anyone here know about a tool or software or perhaps code, called dark poison

Someone?

That is another zero 😆

oops

🤣

Hello

Can someone please help me
My 34H luncher is not rendering graphics

@fallen sand
Please read the #📜・rules and #👥・info.
Don't bring that stuff into here.

How do i unlock the locked chats

#🤝・roles-info
Talk in the chats you do have access to

Thanks

Does anyone know how to track location I don't need an exact location like I need around 1-2 km radius, if anyone know how too Please teach me I'm willing to learn

No we are not helping you stalk people

I was using dev tools to remove a pop up ad in a website I tried to remove the css and all also tried to block script but it didn't work

"Doesn't work" is not an error description.. give us details

When I couldn't find the script which is causing pop up so blocking wrong scripts was crashing the webpage

Can anyone hack into a outlook email im being deadass bc i cant login

You can forget your password

Contact microsoft support about it, we don't do account recovery here

Though you may or may not now get DMs from people trying to scam the gullible

How I can learn dev tools I didn't find proper resources on YouTube

I did but I made a alt and its like 2 years ago and I forgot the logins and I accidentally perm deleted the notes for it man im so stupid

if microsoft support isn't helping you, no one here can either

Wait i got the security code but how can I put it in

One would assume that microsoft has documentation about that

Like I need help

Help

can we choose ourselves what you need help with, or do you have a preference?

For instance I was recently told that koala might explode during a forest fire

If that solves your problem

is there a way to decode hash?

sometimes, depends on the details

a hash is not an encoding, so technically it is not "decoded", it is cracked

I need a hug

could you tell how

how does hash works

if you are serious, then there is not a lot I can do from a distance

a hash is a reduction of information and usually a one-way process.
You can't reverse it.. but you can take lots of guesses to see if you find an input (password) that results in the same output (hash)

how can you guess?

that depends on the details.. what do you have there?

may i dm?

no need to, we can keep this here

also I have DMs deactivated

but thanks for asking

i have a hashed script

want to decode it

what is a "hashed script" here exactly? Usually you hash values

can i just send it?

No idea how long it is and if automod will intervene, but I guess you can try

26dd5db9cb9f3b993aec27aa50c39ce80f191a5e749064942a9f9f7266e2d42d:7da52b7992845ffbb8c0d9f00ee76da431a5c3a7 SHA-256

you can use various tools or websites to identify the specific type of hash here

they just check length and format, and see which one matches

could you guide which websites

hashid 26dd5db9cb9f3b993aec27aa50c39ce80f191a5e749064942a9f9f7266e2d42d:7da52b7992845ffbb8c0d9f00ee76da431a5c3a7
Analyzing '26dd5db9cb9f3b993aec27aa50c39ce80f191a5e749064942a9f9f7266e2d42d:7da52b7992845ffbb8c0d9f00ee76da431a5c3a7'
[+] SHA-256 
[+] RIPEMD-256 
[+] Haval-256 
[+] GOST R 34.11-94 
[+] GOST CryptoPro S-Box 
[+] SHA3-256 
[+] Skein-256 
[+] Skein-512(256) 

whats this

that is the command "hashid" with your hash - and the result

[+] SHA-256
[+] RIPEMD-256
[+] Haval-256
[+] GOST R 34.11-94
[+] GOST CryptoPro S-Box
[+] SHA3-256
[+] Skein-256
[+] Skein-512(256)

so these are the guesses?

im sorry if i sound stupid, im new.

trying to learn

these are the guesses by hashid

try

hashcat 26dd5db9cb9f3b993aec27aa50c39ce80f191a5e749064942a9f9f7266e2d42d:7da52b7992845ffbb8c0d9f00ee76da431a5c3a7 --show

too, for example

so the length and format matches several possible hash techniques

im so lost… trying to use hashcat but lost in the website

just copy the command I gave you

where

hashcat? how

sorry man

hashcat 26dd5db9cb9f3b993aec27aa50c39ce80f191a5e749064942a9f9f7266e2d42d:7da52b7992845ffbb8c0d9f00ee76da431a5c3a7 --show

that one

im on the hashcat website google. It’s just showing me the page no where to copy paste it

Sorry, I assume you already have some terminal where you can input the command

my bad, should’ve told you

it would look like that

if i send you the hashed, could you check?

My labtop is not very good the ram is only 4 what can i learn

really not going to - this can be a very lengthy process

pretty much everything you want

Red team it neads labs

I can take a quick look though

This let the labtob realy slow and not working

$2y$10$5rLLEn1MfnByi/VS2vwcpO.3Tv5li3U4/de6eLMmDzu2L.N5N73rq

thank you

oh yeah, you are not going to make anything in terms of virtualisation with that

that is not a recognized hash - the "/" part is weird

What i do then give me advice

You could, and that is something you have to decide for yourself, either install all the tools you could need onto it - or wipe it and install a dedicated cybersecurity linux distribution on it

something we call a "bare metal" installation - without virtual machines involved

probably wrong hash

probably, yeah

a hashed script ??

like a hashed passwqord

We call those "hashes" or "hash values"

yes that

were u able to crack it?

hahaha yea @whole patio did you crack that random bcrypt hash already ?

gosh you are slow

the first hash you gave us is not trivially cracked, no

and the 2nd one, as I told you, is not a recognized hash value

2c9140aadaa269a442e27d1605967b6

try this

CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithm and must be in range 04-31, values outside this range will cause crypt() to fail. "$2x$" hashes are potentially weak; "$2a$" hashes are compatible and mitigate this weakness. For new hashes, "$2y$" should be used.

https://www.php.net/manual/en/function.crypt.php

/ is perfectly valid in that Bcrypt hash

where do you get those from?

$2y$10$5rLLEn1MfnByi/VS2vwcpO.3Tv5li3U4/de6eLMmDzu2L.N5N73rq does not follow that convention though

were u able to crack it?

First, if you would be so kind, tell me where you got that from

Hy

oine

online*

why

dehashed

can you give me a link to where you got this hash from

could u tell why

Because I do not believe you

why do you need to believe

im sorry but i dont understand

i just wanted the link to be decoded

Oh I do not need to believe you, you are right. And you do not owe me an answer

I am also under no obligation to continue this

bro

im just confused

tbh i don't even know why you bother

why do you want to believe

could it be any risk?

Alright, so to wrap this up.. identify the hash.. I showed you two possible tools, there are also websites that can do it for you.. then choose any cracking tool to crack the hash with the infos you got

Hey guys, wanna know what to master the most: networking, kali linux, python?

It depends what you wanna do in the future. Some topics require a more in-depth understanding depending what you wanna do.
If you go to network security engineer, then you obviously need to know a lot more about networking.

How can i get a VMware account if i dont have a business email

like those xxx@___.com

like @company.com

does normal email work

oh you can mb

💔

how can i delete my data thats on the darkweb since my internet provider has been hacked and the hackers leaked it

I am not sure if you can delete it. Change your passwords, phone number etc. If you have social media, change privacy settings

You can also check databases like Have I Been Pwned

hi i am new here,as a noobie who’s interested in cybersecurity what os do i need to use

go do some tryhackme first or something

ok

yea i checked and im on there

Then change all of the passwords you have, numbers, bank pin etc,. If you notice your details are going to be used somewhere, report it to the police

ight

i am trying to use seIfbot on discord but it keeps giving me curl error

knowing the error would be great if you need help

my msg is getting deleted here

heyy i'm trying to do some projects to put on my resume for the moment i've done a port scanner in Go and a ssh brute force detection with splunk what else can i do and accessible for a beginner with a lot of knowledge on os network and some other stuff ?

be advised guys fake accounts here tryin to send requests

daily

Is tryhackme usefull? Or am i wasting my time with it

I think its useful.
People tend to move from THM to HTB

It is more or less useful, depending on where you are currently in your life. It is cheap enough to be a nobrainer for most

THM is very helpful for beginners, especially when it comes to networking, Linux fundamentals etc

Thanks guys!

You can't unless you make them do it

Stay on your own os you can try linux in a vm if you do really want it

my neighbour is using my wifi and i cannot change the password but i want to know how much he is using my internet and slow the network for only him.

What options do you have on your router, and why is changing not an option?

i can change but for some reason i cant

Doesn't tell us much about the technical situation

Usually wifi routers do not have a throttle option

i have full remote access to my router

Happy to hear that, but I already assumed so

if i change password he'll get to know that and i dont want that
i want to make it slow while still being connected by him

Sounds sus

just change your password

how is that suspicious

Tracking what other people are doing?

i only gave him password in the first place

How is that not

that is the part where we would need to know more about the technical capabilities of your router - usually they do not have an option to throttle on a userbasis - especially if there is no singular user account people use

worst case scenario: just reset your router

If you want them to have less bandwidth, then maybe there is a QoS option to make your stuff faster

ok i dont wanna track
just slow the signal?

Traffic Shaping would be the name of bandwidth limiting

But per device?

but it depends on the router. Home routers don't have a lot of features like Eris is saying

Depends. I think the Asus and netgear ones do

its Jio router

thats from your ISP?

isp?

Internet Service Provider

yea

I have read the manual. It does not have a way to do this. Only a way to block a device from access.

is netcut safe
i tried it once but i couldn't get to know how to use it properly

That will not do what you expect it to do

No idea if its safe, but you would need the device hosting netcut to be broadcasting the wifi. In your case, the ISP router is broadcasting the wifi

oh

thx for responding,i am using kali linux currently,but i wanted to know if there is any other linux distribution thats better

Whats that reason?

thiz

I mean depends on you if you are happy with kali then why change

Doesn't want the neighbor to know they are trying to nag them away

he may think im stingy

The neighbor pressures you to not do it?

just move the router to the far side of the house

and put aluminum foil on your wall

damn

its silly, but it would technically work to reduce his signal and make it bad

yeah

Who is good with Facebook?

Always ask the real question.. not for someone to ask

@rotund oyster
We don't assist with account or device recovery here. Please do not ask for that.

Okay sry my bad

what do you mean?

i dont think this is the place to try and promote yourself or your pages, outside of here doing your own promo for your page is on you

Alright thanks

CWES or eWPTx
I want to take one of them but I am not sure. I am HTB lover but I want to know about eWPTx. As I know CWES is cheaper than eWPTx but I don't know about knowledge they will give me during preparation. I don't wanna take certs to take cert, I wanna learn new things so which one recommended?

we do not help with that here #📜・rules

read_rules.com

I want to get into Cyber related fields but dont know where to start what should i read and study up on first to get a better understanding of this field.

@lapis badger
Read our #📜・rules and #👥・info.
Don't ask for unethical things here.

cwes is better for "structured learning". If your goal is to learn more then cwes is generally better. eWPTx can be after cwes.

What about CWEE should I take it after CWES

Well if you want actual skill growth and you already grind HTB…CWES will push your exploitation depth harder BUT
if you want a structured pentest workflow and stronger fundamentals eWPTx is safer imo. Up to you tho

Mmm.. I dont know much about CWEE.

Hmm okay

I don't understand what yall talk about structured. I will have the same skills, yeah?

You’ll learn similar vulnerability types yes and structured means how you approach the test not just what bugs you exploit lol

Hmm okay thy

Okay mb

Should i use ELK Stack or Wazuh as a SIEM for my little structure (managing 2 - 10 website logs)

Hey all, any advice on any roles in cyber that may be on the upcoming that I can tap into? I received my bachelors in CompSci, but I am interested on newer fields that can be great to get into

just answered to your question in #💬・old-gen-chat 😉

wazuh is elk based but if you want to integrate a proper edr at some point, you want elastic – not wazuh.
wazuh has no serious malware detection capabilities, which is also not what they aim for.
if you are into compliance scanning, it is wazuh what you want

Thanks you i'll go with ELK !!

Yeah, they serve different purposes

Some people use both

Security Onion i believe has both

Security Onion ? Is that good ? i googled it and it doesn't seem like it (I don't wan to be offensive)

Its a collaboration of tools built to work together, so you get your wazuh and network IPS and more in the same dashboard. Then a way to triage and manage incidents.

Its pretty cool, but its also a chonky boy that is more complex than just a SIEM by itself.

Not a lot of people know that kali purple is actually not meant to be run as a single install - it is meant to be used as a "soc-in-the-box" setup with multiple installs

https://gitlab.com/kalilinux/kali-purple/documentation

Any security onions? Technically it would be one platform, but has the other tools in it. So while it does kinda double up on some tasks, it correlates actions between the different software.

Example, when a endpoint/host makes an HTTP request, it correlates it with the agent on the host, alongside what the IDS sees when its mirroring the WAN network

As its just elk in the back-end, it can ingest logs in that format which i guess solves for that.

But I do agree that having the logs going to different places with different formats makes it a nightmare

im just torn between locking in with graylog, or just doing elk

i kinda like graylog a lot

yeah. So elk gives me more control, graylog gives me a more finished solution to start from

ye, go for elk. you'll be able to transfer knowledge back to graylog. but not vice versa

interesting to me as well, its just fitting in the time

i am trying to make a discord seIfbot and

its saying failed:library
"libcurl-impersonate.so.4" not found

Who’s aware of any other stronger tool than seeker

"stronger" how?

cause making your case for getting better at stalking people might need some context

Please stop asking.
https://support.discord.com/hc/en-us/articles/115002192352-Automated-User-Accounts-Self-Bots

Research purposes

Anything else?

can anyone help me with what are the different roles in cybersec i am just starting out

#📜・certs-and-career

Lots

I just realized it doesn't have much in terms of job roles

https://tryhackme.com/room/careersincyber
Make an account on here, and this explains a lot of it.

But you don't really need a roadmap about each and every sub-role. Start with the basics and rather soon you'll get an understanding that allows you to ask better questions

can anyone suggest me good sources to start learning red teaming and stuff

TryHackMe + HackTheBox

#👥・new-member-guide

#👥・new-member-guide start there

Udemy videos wont load for me

Either change your browser, or check if you have some kind of browser extension installed that prevents the loading of scripts.

you are not trying to watch them in a vmware vm, are you

I am still at uni and all I've done so far are just web development projects and with this AI wave I am sure I am going to reach nowhere with just this web dev stuff, I've always liked how cybersecurity sounded and now I am trying to switch paths , plus I am done with web dev stuff. I don't know the first thing about cyber security, I am genuinely in need of help . I have just one more year to graduate I am COOKEd

I did it on floorp, helium, and chromium wouldnt work

nah

look into entry level jobs then, jop postings, what qualification/certification they are looking for.. but the whole cybersecurity thing is not something you usually start out with.. its something you consider after you got prior experience

e.g. not entry level jobs

No idea where you live and what the job situation is there.. but especially people who come directly from academia are quite often not considered

agree with this ☝️

nvm I figured it out, apparently I needed widevine

Doesn't really make much sense. Since it should run with any browser

Hello guys, I've created a keystroke logger that sends to my wanted webhook, Now It works perfectly fine with me and it even has logic that waits for the user to finish his sentence and then sends it, it's an all round logger that included everything there is with the support of an Artificial Intelligence I've created, Now when I tried putting this script my other laptop, It didn't work, Terminal was already used as an administrative, Any suggestions? (I don't know if it's the right channel to ask so if it isn't I'm sorry)

add debug printouts at each point of the execution of the program

lemme dm you the script

and exceptions, so if there are errors for example in hooking the keyboard, then they are printed out so you can troubleshoot

ok

I've sent it.

Who can help me using Termux

What problem you got with it?

I don’t kno how to work it an what I can do wit I kno it’s capable of a lot

Im trying to get in cybersecurity and low level systems any suggestions on where to start

check #👥・new-member-guide Or search a specific roadmap