#👥・help-me

whats "both"?

What about me?, im genuinely asking for help

both paths

thats why im a flock im still at the stage where i decide which path

so i think ima stay here im asking eris

but im thinking of going as pen tester

a question

soooo

i need guidance

so im not breaking rules

Eris, i think youre more knowledgable than my current professor

he is

def

i love my professor because she is chill but she said it herself she took the class because its lvl 1 and she has little knowledge about it so she got assigned

The new members guide has a dilemma.. it needs to be rather short as to not overwhelm newcomers, at the same time the reality is more complex.. as you can imagine someone who worked as a pentester would make an excellent candidate for "detecting attacks", and vice versa.. so both interject constantly

Eris, im not wavered by such thing as ' its taking long to learn '

eris u dont understand blayt is dedicated

it is really meant as "keep newcomers busy with topics, until they can ask better questions" 😉

to his craft he will not waver \

and he will become almost as good as you

Eris, im starting to think this is a troll conversation

but not

i am

serious

100%

I am too

i will install apps if you send me something

blay wont let you down

@frosty stream @brave shoal
Can you guys please stop spamming this channel?

we are not spamming

oh shi eris snitched

You do not follow one path and neglect the other completely..
A police detective needs to know how crimes are commited..
A locksmith needs to know how people bypass locks..
and both a red teamer as well as a blue teamer need to know what the others are doing

you and your analogies

every other sentence is a analogy

I see you are trying to DM me, I don't do DMs

My univeristy recently is hosting a hackathon. Anyone here who has experience in attending one? What should I expect to do or see when attending a hackathon?

You could build a phishing detection browser extension
a crypto scam tracker
a password strength analyzer
a web vulnerability scanner
And earn prizes with your team

I have no idea how to code those though…

I’m like still a newbie to computer science, I only know a bit of C++ programming

Would you accept the request?

I could offer you the basics on what you’ll need to have a better experience at the hackathon

Why can’t you share your experience here? So that everyone else can gain something useful

I already did

Okay, mind sharing here?

Yeah I do mind

How can get rdp for Windows

it's preinstalled

I am i need of a programmer that builds a security software that analyzes People and objects in view of ccctv thus making it easy to find a law breaker

Buy a CCTV that already has such feature?

Such don't exist in my country and i intend to make the software available sell it as a separate cost it will make millions

Then just import these CCTV and resell them in your country lol

Thanks

This might sound a bit stupid but is having a double VPN feature on worth it compared to just one VPN on

Any flipper zero users ?

nah

This might sound stupid buh installing a VM ware on windows, need a root directory or do I have to root it

Guys

Please help how to delete my bios password i dont remember it

Lenovo

Tried a reset?

Yes

Reasarched it says enter 3 times wrong it gives a code but no it doenst

Anyone know how to do?

Probably not possible.

In the past, removing the CMOS batteries worked, but on modern motherboards it won't work anymore.

Anyone have latest sqli payloads?

I have new or updated SQL injection code/strings that can bypass modern website protections, often used to bypass protections like WAF

So only solution is to go to technical service?

Maybe. Not sure if technical service can help you.

Probably have to replace the whole motherboard

Guys should I get the tryhackme premium?

Gpt says its common and thecnical servies does it for 20-40 bucsk

Don't rely on GPT.

Well i want to hope it works

You can use free version to see if you like it, and then decide whether to get the premium version. In free version you can also access free rooms

In the premium you can also have unlimited lab time, while the free version offers only 1 hour per day, so it all depends on your needs

What can this app do?

It's a learning platform, not an app

Anyone Comptia Security+ certified

Pay the $16.99 its worth it

It teaches you while doing it hands on

good platform

Do u guys have better alternatives

So apparently i put one of the tryhack me codes at the end of the module and the bot night owl sent me a message saying i used to many caps. Didnt know that was a thing

Using caps?

Just posted a an end code from one of the 1st modules

☠️

Thought this was the help me section

Sent me an angry face too 🤣

Theres gotta be a way to determine or moderate these comments to determine or detect whats what, no?

Dont pay

Google it

nobody has figured it out yet😭

Also dont get your account banned for cheating

how do i update my pc drivers

Google fu lmao

Update PC drivers by running Windows Update (Settings > Update & Security/Windows Update > Check for updates) or using Device Manager (right-click Start, select device, "Update driver"). For graphics cards, use official software (NVIDIA GeForce Experience, AMD Adrenalin).

Ok luckly i booted from prssimg shift and restart chose devices to boot was able to boot from usb to run linux 🤘

Idk my bios anymore but i dont need to atp i can run it anyway

@rose carbon
#📜・rules number 6.

Uh oh

For you

"better" how? What are you looking to improve

Hi, everyone just an engineering student from India want to play ctf events I created my own team for beginners but eventually no one showed up after registration

Can anyone let me in their team I wanna know how to play in these events, I want to win these events

Im a guy who never played CTF but I've been practicing all the hacking for quite a time now but I just want to try out these skills in events can anyone help...

Can anyone tell me how can I perform this CVE-2023-46298 to submit it as hackerone report? how to get PoC??

hi everyone. i wanted a help in knowing how can i download kali linux on my laptop? i alr had it downloaded but i had to delete it cuz of storage and now no matter what i do it just is not coming how it should..

Thank you so much ❤️

well from what I understand which isn't much its basically the starting step if you want to persue cyber sec ive been told that by pentesters alumini from my university, chatgpt and basically anyone ive asked "how do i get started" they all said the same thing start on tryhackme then move to hackthebox after that there are different steps some ppl say get certificates other say personal projects etc... so yeah I decided to finally put my foot down and lock in that is where im starting

Personally idk any they are all paid what ive tried so far is tryhackme, hackthebox, picoctf, and pwn.college they all server different intrests but that's all ik for now.

David bombal on YouTube has a step by step guide

thanks!

Hi guys....so I am a senior high school grad who'll be moving to college this august....absolute beginner with coding and programming but wanna become one....any tips for me on how to start what to focus on and build upon? And what projects to build?? (Sorry for this kinda question i just wanted tips from you guys😓)

its the best to download Kali ISO from their official website. There is also step by step guide available that shows how to install it

personal projects are the best tbh, those websites teach really well and are amazing but employers couldnt give one shit about them

you can learn something but if you cant apply it whas the point

Good evening people does any one know how to implement LSTM DQN in a RL rule based logic system

Please help

i need like 40sec of help for a path traversal exploit / patch assignemnt

https://tenor.com/view/owl-sec-no-srhoe-owl-sec-gif-27315984

@summer marsh am not breaking any rule , please go see #📜・rules

you want to go into coding or security?

"so i'm sensitized against it" lmao

#3 in that rules you linked my friend.

Ah yes , I misunderstood it , apologies

im hearing every1 say discord is becoming malware now what does that mean exactly and how can i stay safe

it's political , it may be against the rules to go further in this discussion...

People are reporting this is safe, i've ran it in anyrun and nothing special is seen. Keygen people are questioning why its getting flagged because its only generating a key and the program works for them. I dont know how to proceed in discovering if the setup does anything malicious, there was no HTTP request to any external IP addresses that is downloading any type of file. Without me actually seeing for myself exactly what is going on with the installation i obviously wont run it, but I would like some help into getting better at reading and deciding if files are malicous or false positive . Pls no mean comments, I wont run it

https://www.virustotal.com/gui/file/ed5ddd731af674e198bfd9f0aeb27d1f82beea7dfc2e57b1dd264858823618e6
https://www.virustotal.com/gui/file/29e65b74b8ffaedfc0fc4e233684c89eaa4a2f36c4fe478a3d851991b32e5950

I've downloaded the file in a sandbox + VPN and will roll back to a snapshot of the VM when done ^^

Most keygen are patching / cracking the software, so they key that is being generated works for the software.

Yeah exactly, and I think the keygen is false positive. But there is an installer in the folder that has multiple virustotal flags, and flags on other virus check up sites and I dont really have the expertise to figure out if that one is false positive or not

help me, my new monitor has a severe purple tint

Don't put real information or pictures into servers or DMs or your profile.
Practice healthy opsec in general.
Treat it as a public place, and not a private server.

What OS? And does it happen on the OSD?

linux right now, i tried it on windows and another linux machine with the same issue

RMA 🙁

it has to do with the monitor

?

Try to reset the settings back to default. If that doesn't work, then send for an RMA(Return Manufacturer Authorization) for the defective monitor.

If its brand new from a store, maybe they will offer an exchange.

im screwing with the color settings right now to see if i can get it back

its a unbranded monitor

The other option is in whatever OS, if you can put a custom color profile to the monitor, then you can adjust it to make it look more normal with the tint.

But If you just bought it, I would see if i could get an exchange. If they are all like that, then its just a really cheap quality monitor.

Hi wonderful people on here I need help with creating a website with full functionality; I mean from a coding perspective. I believe Linux would be better. But I don't know how to do it.

learn coding then

you can use many platforms

codeacademy can help you with that

Thanks. However sir is it free

I checked and it's going to cost me about $12 a month which I currently don't have. Isn't there any other platform I can learn it for free please.

They have a ton of free courses

ah ok tyty

I don’t know if I should ask this here or in general, but if I’m literally brand new to doing anything with code, should I use Linux instead of Windows for my gaming PC? Or stick with windows until i figure things out? Or is there something totally different i should use?

im noob myself, from what ive heard from my collegues stick to windows

he's associate web developer and jst landed tha job yesterday

Oh sick 👍

great to hlep you, lets help each other

im also starting

building my foundations so i can understand things clearly

If you are comfortable using linux, it doesn't matter - if it is rather new to you, a good incentive to learn more about it is forcing yourself to use it daily and for various tasks.. e.g. daily driver

So it would be better to force myself to use it so i have to learn it to do anything?

Are you asking me to repeat myself verbatim?

No, sorry if it seemed like that i was just making sure i understood what you said

Then without going into "better" - it really doesn't matter all that much whether you use windows, linux, macOS or whatever if you want to simply learn coding.

all have their minor pros and cons

If you are depending on AI integration on your journey.. maybe stick to windows. If you want to learn yourself, I'd suggest linux

but can be done on both systems jut fine

How can I learn more about Linux fundamentals

Or where

#👥・new-member-guide

Linux has been open source for decades, there are learning resources literally everywhere

try Try Hack Me linux fundamentals

Hello everyone I’m brand new here, where should I start

by reading
#👥・new-member-guide

Ty

Ty

np

i have same doubt brooo

i have an doubt how to level up

So I'm studying 220-1201 and 220-1202 for the certificate. Aside from the basic competencies, is there anything I should look out for in the xam as far as "gotchas" or how in-depth it'll get with one of the subjects (RAID, TCP/IP, etc.)? I'm trying to make sure I have everything learned but I keep overthinking as to what I need to focus on,

I plan to begin practicing Python but I want to learn one thing at a time.

As far as those who've taken it and passed the exams.

The main “gotcha” is scenario-based questions, they test if you can apply concepts and not just memorize them

focus on ports, RAID basics, troubleshooting steps and common networking//security concepts

Okay, Appreciate you for that

Method /resources to learn cybersec

Ohhh 😔 ok

so no clear idea - stick to it then

chat in #💬・old-gen-chat

Almost bricked my whole pc

How

Stick to whatt

what you were asking about ...

😭 ok ig

If you have no clear indicator of "what" you need "better", then stick to it

How do I get rid of the error 'Your IT administrator has limited access..." when am trying to turn on/off windows defender?

hello everyone i need your help
i am making an osint challenge in which i need an shutdown comapny image that is where hard to find through any reverse engeneering the image and also through AI models and only be cracked by specific tool and the company image should be very hard to trace

plz everyone help me !!

hello

is this your own machine?

as in.. you administrate it and have administrative access?

If ya want it to be hard but still solveable the trick isn't the image itself but the metadt and hidden clues

For example

you could use a real logo from a defunct company, strip obvious metadata and then hide hints through steganography or subtle edits (EXIF remnants, stego, tiny text etc) so it requires a specific tool to extract

Is this your own computer or is it managed by school or work?

Hey guys, hope you're all doing well. I have a question I'm in my last semester doing BS in CS and in few months I am going to graduate few months ago I realized what my uni is teaching us I will not get any job or earn anything so i started learning on my own I have intrest in Cyber security so I start gathering free resources doing researches and start learning I found some courses that prepare you for CompTIA exams I learn fundamentals of Computer then Network+ I didn't give the CompTIA exam but I give the practice exam I learn networking start learning Linux+ and security+ and goes halfway then some of my friends say do something releated to AI do something the you can do as a freelancer etc so few months have gone I stop studying and siting doing nothing and thinking what to do. Now I'm thinking of starting again, learning from where I left. I know there is people in this community that is senior or more educated in this field and they are earning that is the end goal can you please help me to tell me which workflow or how I should learn and get a job or earn in this because I'm just learning theory and stuff it's long paragraph but any type of information can be helpful. THANKS.

Yes, it my machine. Which crashed after a power blackout then I reset it online after it came back there was a restricted access to the windows defender which was not there in the first place

It's my home PC

Can you open Powershell and run the following command and tell us what the output is:
systeminfo | findstr /B /C:"Domain"

Hi, I think there exists a vulnerability in Google Gemini. I am not sure how to trigger it. Can anyone please help out

What do you mean?

Like, you are asking someone to tell you how to break Gemini ToS?

Domain: WORKGROUP
PS C:\Users\GEORGE>
PS C:\Users\GEORGE> systeminfo | findstr /B /C:"Domain"

This is the result

Okay so it's not domain joined, which is good.
The only thing that could be wrong then is that you don't have admin permission for some reason.

Can you try to find and disable windows defender, then reset your PC and see if ti working now?

its*

Also you are not sign-in into your Microsoft Account?

No, it's not

so it is not defender for endpoint.

It's not domain joined, so I highly doubt MDE is running.

I'm signed in

It keeps messing up with my dll files

It is a bad idea to turn off defender

if it messes with your "dll files", there is something about those files

You can disable only for the reset, after the reset it should work as normally defender should be on

I just want to allow my dll files then activate it back

But why? Does Microsoft Defender block it?

what are your "dll files"? maybe we should talk about that first

Okay

If it's being blocked, then there is probably a good reason.
Imagine if some kind of malware did funny stuff against Defender

this ☝️

And there are malwares, that can lock you out of Defender just so you know.

Maybe. But am almost convinced this is bug because I should be allowed to manage my defender settings, right?

I would run something like malwarebytes and check your device.

Sure thing

Yes, try to disable it, scan with malwarebytes or with other antivirus, see the results. Turn on back defender, scan it again

Premium version is better, not perfect but better when combined with defender

I know what you mean

Malwarebyte earned that respect, as far as I am concerened, at least as the "Go to for troubleshooting"-tool, never actually experienced the live protection

i heard that, yes. it is also a bit of a meme in the infosec community 😄
for me, malwarebytes, among some others never made the move from win 10 to win 11 in my edr/av testlab since it literally never detected anything i tested against it

Sounds like you tested the live detection of stuff you wrote yourself?

Guys why is my kali linux so slow

....

You feel like your question kinda sorta needs more info from you...?

huh?

I think I was clear enough

alright... your kali is slow, because you are running it on a 486 DX with 8 MB RAM

nop I have it like 4 gb ram

Gave*

As I said, no experience with the live detection.. it is highly recommended though as a tool to use if you know you got some run-of-the-mill malware

You see how YOU have to provide more info here?

5 processors

wait

I just noticed

The display video memory

so it is a VM? Gosh, wouldn't that have been a glorious info up front?

Describe your installation in detail so that OTHERS know what the situation is.. not just so that you know whats up

the video memory has next to no relevance in a virtual kali

so it somes packed with a lot of signatures, that might be the case and would explain why it never detected any of my tooling

out of curiosity.. what made you choose "intermediate" as a role on this server?

cause it sure does not sound like it

could you remind me what the level was for

So no reason then

I have completed a python course and yes I might be a beginner in hacking but I’m an intermediate overall about computers

you may want to change that to "beginner", so people do not assume that you have a a basic understanding when you ask questions

but. its your decision

"Beginner, intermediate, expert"... on this server those relate to cybersecurity and hacking

well it didn’t say like that when I chose intermediate

so not my fault

Didn’t specify hacking

I dont think anyone cares whether it is anyones "fault", I'm just letting you know that you may give people the wrong expression.. like I would never assume that someone needs to be explained that they have to tell us about their installation setup to answer performance issues

if they select "intermediate"

cause I would expect that to be obvious for "day one, just started out". How should anyone be able to tell you why, if you dont think you need to describe the setup

but, again - its your decision.. there is no test or anything.. free to choose what you want there

by the way.. it does say "infosec experience"

Well.. back to you

You say it is slow.. which hypervisor are you using, what is the specification of the host machine.. and do you have example of when it is "slow"?

or not

i have a question

Whats your question

i am having difficlties find a person by its username is there anyway to make it easier ?

Not going to help with that here. Peoples safety can be at risk here.

the reason i ask cause i was on stream and somone joined and started saying the n word and i amnot really offended i just want to humble them

Contact the support vendor

where can i find that

dude..

i am new i joined today

YOU should know which support that is.. it is the platform YOU were streaming on

ok

@whole patio morning bro it’s cool if I message you for help?

Feel free to keep it in this channel, I have DMs turned off

NP, I didn’t really know how to ask that’s why. I’m new to this learning the workflow through Kali. I got the workflow down through vftpd Samba and I think Telnet. Just wanted to know if yo bad advice on making these things click

Like I know to do the commands by heart but idk something isn’t clicking where it’s like “Ohhh okay” my bad for the long question

The trick is to take time for all of this, and effective notkeeping goes a long way, so that you can rely on the future on clear and useful notes you wrote

Depending in where you start.. this takes years

and not "Oh yeah yeah, for sure, imma gonna give it my best and be done in 2 years.. " - I know people with 10+ years of experience in IT jobs, who frankly say they do not feel ready to start with technical cybersecurity

or pentesting

or malware development

or red teaming

Rather soon there comes a point where the process is just assumed given.. tools change.. circumstances change.. they do right now, quite fast, and people already catch up without realizing it. But the point of make or break is when you deal with real world systems.. not training environments that are purposefully vulnerable

One day i'll move up to intermediate 😛

I am surounded by people who have way deeper and broader knowledge than I have.. and they say the same about me.. impostor syndrome is a thing, isn't it

My grounding wire has been "hacker jeopardy" at ccc events..

yeah sure there are topics I feel I would have done quite well.. and then come some topics where I can serve as the illustration for "dumbfounded face" in a dictionary

I can't code for shit.. and I don't intend to do anything about it.. that is one of the lines I consider "drawn for me"

never participated in those when being at congress, but we used to play that with colleagues years ago when our company was less "corporate"

coding can be so much fun tho!

I just used to watch them.

And the next category is .. "compiler instructions"
O_O

And "arm architecture"
o_o

as always.. you don't need to, unless you do 😉

Don't need to be a master in every field.
Just be proficient, so when you communicate with the people who are masters in that field, you can keep up.

I really just don't have the time

I can read most scripts just fine.. but don't expect me to find the one oddity

At a certain point, the only wall is time.

There is enough to do/learn/work on/test/practice that can keep people busy for their entire lifetime.

Thank you, sorry for the late reply appreciate that.

no problem, happy to help

Although I still have one conundrum.. I would like to write a webhook, and I am somewhat sure that my use case isn't that complicated, but I would not want to put it under an open source licence.. so I either have to find someone who wants to do it, or pay someone.. and I have not found out yet what my best option is

Wdym write a webhook? Like an outgoing HTTP request? Or a server that can receive webhooks.

several people said "sounds easy, I'll take a look" but no one followed through 😉

What I want is to plug in a badusb device, which prompts for a password, send that to a webhook which displays the password for 10 minutes on the landing page, and then replaces it with a dummy

I have the script, and I have delved a bit into webhooks, but not so far as to say "yeah I can do that now"

basically just for use during awareness seminars

the badusb part I have nailed down, flashed with arduino.. the script is already working

So, webhook is the common term. Its just an HTTP request that you can receive with flask or fastAPI. Flask sounds better because this is such a small thing, that performance doesn't really matter here.

In terms of sending it, any way you can send an HTTP request should work. Can even use the system's curl to send it.

If AI is allowed, I can probably make a PoC tonight 😛

but right now it points the request to localhost

Honestly I have a pretty large collection of badusb devices.. I just like the ones that not everyone has seen already

I like collecting them 😉 And whether it is a malduino, rubberducks, usbBeetle, swiss army knife or whatever doesnt really matter.. they all just enter PS

Dms seem to be closed 😉

no mass storage, just whatever you flashed it with

same as you 😉

Must be discord i guess. Won't let me add either

Well we already "have" a DM established.. cant use that for some reason 😉

I like that I can essentially run c code on those.. a while ago I wanted to write a script that would brute force hardware keylogger devices by going through all "three letter combinations of keys pressed simultaneously"

Not sure if duckyscript would have allowed for that

meant for tabletop excercises where I tell clients "You just found this installed at one of your computers.. you can hire an expert to take a look" and that would have been simulated by that badusb device

I like those excercises to have a "dooms day clock".. waste time.. live with the consequences

also prevents everyone from just covering their bases and later complain that it was unfair .. rules upfront

Don't tell anyone, but essentially yes.
Testing the emergency/business continuity protocols out in a scenario that play with all the players filling in roles

"You receive this intel.. do you have a process for that? Who gets to decide.. what do you do"

and just like in D&D people try to cover their bases 100%

hm.. i see. so it is purely verbal? no real attack simulations?

not in the tabletop excercise, no

you "can" do it that way too, though.. typically if you involve several departments, who partly now that this is a drill

"When gets this reported?", "How much of the initial information survives?", etc

a client of mine once wanted to test whether people know what to do when a bomb threat comes in, for example

and it was a total disaster ^^

someone left a letter with the threat at the reception.. returned to his car and they waited to see how long it takes for this to get reported through the designated channels

Hey gang what do you use for note-taking and screenshots ?

joplin 😉

2 hours later.. nothing.. so they went back inside to find out whats holding them up.

Turns out the reception put the letter into the box of mails to receive stamps in the afternoon and hand them over to the mailman 😄

rn just local but idm if it has a provider

I have joplin on most of my devices, syncing notes between laptops, desktops and virtual machines over webdav

it does not

joplin has a firefox plugin, that lets you save entire webpages - for actual screenshots I just paste them inside note

Oh shit thank you guys, i will defo check it out

Hey guys, Just abit of a question so i understand right. I'd need my core 1, core 2 and network + certs then CEH cert to actually get into any sort of pentesting/hacking careers right?

Really? I was about to spend the time and $$$ to get those certs? My level of understanding when it comes to pentesting is only as far as HTB. What would be my best bet for getting into a I.T field or pentesting?

Looking for the kind of certification that employers in your region are requiring

As far as I know, CEH is considered a joke exam and almost a red flag.. though some regions apparently accept it

don’t waste money on certs

Why do some certs are looked down by other people?

Mostly because they have no practical side, are outdated, very basic

CEH is outdated ?

Where would one find or learn the skills to get into a role like soc analyst? i assume learning a few programming languages would be a good starting point?

read the rest of my sentence, too

if an exam has no practical part, it just means you memorized stuff

for red teaming, certs only tell me that applicants have experience in some artificial lab, which i do not really care much about honestly. and i rather have a thorough interview to find out what the applicant knows

So experience matters more?

way, way more.. people want to rely on your capability

So what counts as experience if I want to apply for a job like red teaming? Like doing IT desk support for few years?

for red teaming, it is good to have i would say at least 4-5 years of experience in corporate IT (ideally consulting focused) in pentesting, dfir, software development, devops or anything like that

"red teaming" could be considered the opposite side of starting out

this is typically something near the end of your career cycle

I see, my initial plan was to gain experience in IT like being on a support desk, then pentester, finally Red teaming

nothing wrong with that. takes time but can work. don't forget to make sure you know a bit about consulting as no one hires you to only break shit and people tend to forget that

take your time

Consulting is the same thing as support desk, right? Offering advice and guidance on IT issues?

no really, no. it is not only about giving technical advice. more about abstracting findings into strategic advice and help clients steer future investments and developments in their security teams

Oh so kinda like having to communicate IT technical terms to stakeholders in simple words?

"Consulting", in a nutshell, means people were willing to pay you to advice them, present to them.. they thought about calling you to solve a problem for them

What about a support desk?

What about it

Its a good starting position

Cause I’m kinda confused on the difference between consulting and support desk

Unless they’re the same terms

it typically does not come with the kind of responsibility though

they have nothing in common

a support desk is you, keeping busywork away from people with more responsibility

a consulting job is taking a lot of responsibility, and projecting to various people that you know what you are doing and they should listen to your opinion more than to the opinion of the people who work there for 20 years

I see, that makes much sense now

Thanks for the response 👍🏻

can someone tech me how to code or something like that

this server doesnt really do any mentorship but you can review these resources to teach yourself #👥・new-member-guide

ok

thanks

what lang

what does lang mean

programming language

no

Do you guys still get good results fuzzing parameters or is most stuff these days more logic-based than input-based?

There is none, for obvious reasons

@pine token
Don't ask for such things here.
Read our #📢・announcement message

Yellow top missing

can someone guide me, i want to eagerly learn hacking, at my level i only know ctfs and linux fundamentals, my favourite ctfs were Web exploitation, but it feels like just doing ctf isnt worth it and i cant find what and how to move forward

if you're into web stuff check out portswigger academy

okay lemme check, thanks 👍

Good evening I need help with connecting cables from my Atom V650 PSU to Asrock a520m-hvs motherboard
Please

Can I run Microsoft tools like pp word etc on Linux by any chance

I believe so! But they have to be used online only, not the desktop applications, unfortunately.

There are other options, like OnlyOffice

https://pentester.com/

https://intelx.io/

https://app.dehashed.com/search

Can someone please help into becoming a cyber security expert. I’m a beginner trying to learn from scratch please.

Hi 👋 welcome to owlsec! Best of luck in your journey. You can start here #👥・new-member-guide #💕・free-resources but be sure to check out all of our channels 🦉

Doesn’t matter wha the reason is, finding other’s personal data is wrong. We don’t do that here

Any great alternative coding apps for cellphone with low speed celluar?

Hello people, i need help with my PC. Ive been experiencing BSODs lately and just recently, it happened again but this time, right after it restarted, it wont boot to windows. The motherboard logo shows up but after that, its just a black screen. I tried waiting for minutes but nothing happened.

hmm strange, if it doesnt boot past the motherbaord logo you might need a windows USB to try to repair the system, you can attempt to remove recent updates however it sounds like you may potoentially have a corrupted windows file, it happened to me and i had to reinstall windows and wipe all my stuff

Hi chat, does anyone know a file where I can download the FULL HTML and CSS cheatsheets? Everytime I do pure back-end coding, I mostly forgot some parts of the things I used to remember in Front-end Development, Just for Recap/Revision only

Appreciate the response. I also looked into the BIOS to make sure it isn't my HDD thats causing the issue. My bios detects it just fine. So it really must be the Windows. Thanks again.

yea sure thing!

https://github.com/logeshpaul/Frontend-Cheat-Sheets

Thank you very much!

no problem at all

Good mornings Team all the way from CPT South Africa 🇿🇦

How i hack my girlfriend snapchat account

u hv a gf?

you don't #📜・rules

I want to learn about cyber security and hacking

Where to start

#👥・new-member-guide read this to get a better understanding of where to start

i have a question about cybersecurity future, for someone who graduated with a degree i find it hard to land a job in the middle east with 1 year internship experience, my question is mainly not about landing a job, its about why and how fast the difficulty is changing for landing entry level role, is it because of AI? or the job market being cocked in general. also if i can get some advices about what things as a cybersecurity graduate you need to do to look more employable? minus the experience.

I have a doubt, there are sensitive data in a webapp, people can take ss of the sensitive data. Is there anyway to detect this

I dont want to put preventative controls for all users because of this, just to detect. Any opensource software/apps available?

There is no way to detect this reliably

Wow, how?

Didn't I just say that there is "no" way to do this reliably?

Sry, skipped the no part

hey everyone

Yeah AI is doing a lot of the repetitive tasks and getting rid of entry level roles, job market is cooked for like pretty much every job tbh but you can still def find things

which cybersec job title u think i should start lookin for?

pen testing

I'm not even sure to be honest

ask others cuz idk

how to make a Spaghetti

"a Spaghetti" is a misnomer, cause Spaghetti is already plural

i hate English

Pen testing is not entry level

like you’re trying to break into the field 1st cyber job what would it be?

usually it’s SOC but idk apparently it’s getting cooked by AI? What’s the bar for entry level these days

I don’t think SOC jobs would get replaced by AI, I think employers are looking for people to use AI to speed up the process of a SOC role

well u are correct

I've completed the first two rooms on Try hack me but now it says to go forward i have to subscribe to premium. im not financialy able to pay for a premium account. any ideas or tips on a way to keep going without having to subscribe to a premium account.

Hello.. is there a way to track lost phone using IP ADDRESS?

no

if you have a google account on it just login and track it through google

i tried but the DATA/WIFI and location is OFF..

thats unfortunate, best i could recommend is to go to the phone store and ask to see if they can service lock ur phone using IMEI

hello there,
js started learning cybersecurity and gonna eventually work as either a pen tester or soc analyst

what ive done so far:

• set up ubuntu in a VM and learnt basic commands (ls, pwd, cd, mkdir, etc)
• started THM Pre-Security (finished Module 1, on Module 3 now)

planning to do Security+ after Pre-Security.

any tips and what should i foucs on?
im open to connect w like minded people and id really appreciate any guidance

you’re honestly off to a really good start a lot of people jump straight into hacking tools without building the fundamentals first, so the path you’re taking is solid.

a few things i’d recommend focusing on as you continue:

build a small homelab – this is one of the best ways to learn. you can run multiple VMs (linux, windows, vulnerable machines) and practice attacks/defense in a safe environment.

networking fundamentals – this is huge in cybersecurity. make sure you understand things like TCP/UDP, the OSI model, common ports, how IP addresses work, subnetting, DNS, DHCP, routing, etc.

security fundamentals for Sec+ – things like the CIA triad, threat actors, risk management, authentication methods, security architecture, and basic cryptography.

go deeper into linux – try using it daily if possible. learn permissions, processes, networking tools, package managers, bash scripting, and log locations.

learn how logs work – SOC analysts spend a lot of time reading logs. learn where logs are stored in linux and windows and how to interpret them.

packet analysis – tools like wireshark are great for understanding what network traffic actually looks like.

basic scripting – python or bash will help automate tasks and is extremely useful in security.

web fundamentals – understanding how HTTP works, cookies, sessions, authentication, etc. will help a lot if you ever move toward pentesting.

document everything you learn – keep notes or post small writeups. it helps reinforce knowledge and builds a portfolio.

also try not to rush certifications. focus on understanding concepts and getting hands-on practice. platforms like THM are great for that.

keep going though, you’re definitely on the right track

well good news then, you wouldnt have an ip anyway

There are free resources available on THM, but not all are

If you filter for practice boxes, there is a filter for subscription type, too

Hello!!!!!

not looking for help really, just want to see if anyone wants to give any advice on my situation and if im getting back on track.

I got my google IT support Cert last september or so, but i haven been consistent and since im doing learning on my own for cybersecurity ive sort of layed out my options for certs and skills i need to learn for the areas i was thinking of getting to. I got roped up into school and forgot to keep up with learning. ive recently just started back up and have been using HTB and THM to learn, im also actively trying to look for a very good format on note-taking in which ive settled with Diagrams and visual examples on one side and notes on the other side.

ive also decided while or before i get into college i would like to attempt the Security+ or the CCNA, with my preferred job in Network engineering i would like to know which will help out more and any other resources i could possibly use to help me feel further prepared.

as ive said before, just looking on a checkup on my progress. my old intro to hardware teacher got me invested into this and i really want to progress well into the industry.

Thank you to those who respond in advance. ❤️

really appreciate the advice

a few follow up questions:

for networking fundamentals would you recommend any specific free resources as THM networking module is premium

homelabs should i wait until i finish pre security to set up multiple vm labs or start right now, because i told myself i wouldnt jump to kali and follow a few tutorials and not learn anything

so for networking you can look up professor messer on youtube to understand it a little bit better look for his network + guide, if youre more of a hands on learner then just go for a homelab and you can learn that way, as for kali you dont really need to watch a whole lot of tutorials, in my opinion its pretty beginner friendly as it has a lot of the tools and packages you would need, as far as waiting its really up to you whenever you want to learn this, I recommend doing it when you can but dont move onto anything else until you understand the fundamentals

got it thank you for your time

no problem, i just dont wanna see someone else make the same mistakes i did lol

Yo guys do anyone have idea how can I play games on Linux like crack games fitgirl ones ?cause i deleted that shit window 🥀

they dont support that unfortunately also we dont help with piracy here

go on reddit

Hmm okay my bad

Hey guys I need some to help me recommend me some good online business

This is a server to learn cybersecurity not business

Can you teach me then

No. Read #👥・new-member-guide and #👥・info

Ok thx

Guys, what is the entry-level job for cybersecurity?

can be also in freelance stuff

IT Technician

Noted, Thank you very much

@everyone Hello everyone,

I’m currently looking to connect with someone who has strong knowledge of cryptography, preferably with practical/work experience in the field.

If anyone here has experience working with advanced cryptographic systems or Post-Quantum Cryptography (PQC), I would really appreciate the opportunity to ask a few questions and get some guidance.

Please feel free to reply here or DM me.
Thank you!

You tried to ping >160,000 people?

hey guys do u know any simple project that a newbie(me) just learned basic linux bash scripting and network basic can do? really appreciate it

Have you installed Arch linux before?

i'm using kali cause i'm learning red

Installing Arch in a VM is a nice little project that teaches you a lot more about the linux operating system.

Hello! Im new at this what do you think i should learn first to start hacking? Thank you

ok thank i'll note that but do u know any project that using bash simple python or something with kali?

#👥・new-member-guide

Yeah, you can make your own little gui application that runs commands for you.
With python, tinker is built in, and allows you to make GUI windows in both Linux + Windows.

Once you start getting a feel for it, you can look at external dependencies to make it look nicer. Like QT if you want more desktop, or Streamlit if you want more webgui.

there are lots of tutorials on youtube

ok thanks

yeah but i don't see any small project about red much or did my search way is wrong i guess

about red?

https://www.youtube.com/watch?v=2733cRPudvI&list=PLT98CRl2KxKGj-VKtApD8-zCqSaN2mD4w

red teaming or penester

well ur a beginner you wont be able to write anything

learn how to write in the bashscripting language or Python

before trying to write some red teaming or pentester script

you will need multiple years of experience for doing anything about red teaming so dont worry about that now

https://www.youtube.com/watch?v=Fxh9X3-hO4Y

https://www.youtube.com/watch?v=XWuP5Yf5ILI

ok and thank for ur advice

Yes I guss

hey,I am thinking of cyber security as career but now I am not sure should I go for it or not cause of the AI and stuff can someone guide what should i do at this point.

and what's the best distro would be for me as I don't know much but gets me the good base if i learned it for cybersecurity.

if you like the sound of cybersec and the subjects that come with it, then sure, go for it

Kali Linux

Don’t be afraid of AI use it to your advantage

It will only replace those who don’t adapt to using it

If you have electrical experience, Data Center Technician. I've gotten offers from AWS and some contractors.

Hi, is there anyone here who can help me with a choice regarding smart contracts/blockchain?

Basically, it's the first time I'm going to work with smart contracts/blockchain, and I need to create an access control system based on it that is efficient, transparent, auditable, secure, and decentralized...

Does anyone know which are the best technologies to use? And in terms of design, what would be best (I've looked at solutions that use layer-2, but I don't know)? If you could explain, I would appreciate it.

Hi guys, I'm from South Africa, on Saturday morning at 3.45 am I was asleep and woke up to the qaran (don't get offended by the spelling) playing on my gaming laptop without any apps open, I even opened task manager to see where it could be playing but nothing helped, I had to open the laptop and remove the battery for it to turn off.. could this have possibly been a hack? And has it happened to anyone else?

which microsoft cert do you guys recommend for me to do? am planning to do sc-200, reason being that i want a certificate that will make me look employable do you agree that sc-200 can help me achieve that or not?

It's a vendor certs. Not a big fan, but corpos love it cause it's for the partner status.

Hello! I hate to join and the first thing I say is asking for help but I am currently working in a class called Install & Configure Windows server, I am required to work with VMWare workstation setting up 3 servers and a Client, I am currently trying to install windows admin center onto one such server to no avail, it freezes at WinrRM of HTTPS and I am unsure how to fix it, these 3 server have their own domain I must use in class and are configured in VMWare as VMnet1(Nat) I have tried troubleshooting myself to no avail and was wondering if anyone here would be willing to help me as I am still learning and need to push past this in order to continue within my class, no pressure if not.

Please Is it better to run Linux on a Mac using a virtual machine or from a live USB?

I greet everyone with respect here. Please am looking for where to buy genuine hacked logs for office email, payment system log and bank logs. Any help will be greatly appreciated

greetings. we cant help you with that, i dont think it is within the #📜・rules

I suppose it all depends on you, I prefer to run VMs(although i am not on mac) however a live USB with persistence has its own value

heya, I am not 100% of what you need but AI can be handy in troubleshooting.
maybe try re download the software that the class provided and run it again

Is it an arm silicone mac?

Read the #📜・rules and we are obviously not helping you

guys, why is linux such a difficult thing to master

im attempting FUNDAMENTALS, on HTB however despite all the notes and commands i take it doesnt work. anyone know what im doing wrong here?

it too me a while, persistence is key, it takes time but once it sticks in your head you will be good, the thing for me is linux is constantly a learning thing for me, there is always more to learn.
youtube videos helped me see how others where doing things and that helped, hanging out in VC with others when they where doing stuff also helped allot

thanks for the advice, ill try and apply it where i can

MacBook Pro 2020 core i7

Alright.. a VM should always be the first choice. A live usb only if the machine you use is not capable to run a VM

Thanks bro

Will do! That is one of the steps I had not yet tried

so report them to facebook.. what do you think anyone here is going to do

We can't do anything about it, contact facebook support

👍 🆗️

hey, sorry we don't help with unethical/illegal inquiries #📜・rules

You will lose your account if you try and bypass it

Fr?

Veterans of the server, should i dive into a project i had in mind or should i repass all the basics? the project is to create a Network for a company of 930 people on packet tracer. however ive gone back into the depths of basics because i stopped learning after finishing my pathway

in high school. im a senior and i want to have a major accomplishment to be proud of for a project. however, im staring at the DHCP prompt for the packet tracer project and blanking. feel free to give any input, i just want a solid path to feel accomplished on this very ambitious project

the question is, what are you blanking at? the idea of a dhcp? or are you simply blanking at the fact that you don't remember how to set it up? finding out these differences should allow you to save yourself extra time when working on this project

i forgot how to set it up, i learned alot of the basic network configurations, but i stopped keeping up with it due to life and many other things. however ive been trying to start again but i dont know if its better to restart all over or continue where i left off

i feel a mix of self doubt along with just forgetting the simple steps
any pro would fall with this, cisco has their own documentation of commands to set up a dhcp
in my opinion you shouldn't start over, you should go forward with what you already have

thank you, i really think this project will be a big confidence booster and could teach me alot. even if itll take lots of time i love learning about this pathway, and i really hope eventually to break into this. im a very competative ex-athlete, so its frustrating to see so many errors. but ill get it eventually

once again thank you for your input, and i really hope this project works well for me

when facing networking issues always go through the steps of solving it in reference to the OSI model
check cables and connections, make sure they're right
check configuration, etc

thank you so much for your input, it really means alot to get a response from someone, even if they are the smallest things

@floral mason
I don't know why you would ask if something is against the rules and do it anyways, but this is not a place for self-promotion. Do not post that here again.

Understood, thanks.

hi

Read linux basics for hackers

That book pretty good

is it online or a physical copy?

U can get both

Use Anna's archive for online free copies

Download pdf for online copy

thank you

where can i find this btw?

@visual axle

thank you

but what channel is this in

Google

ok

thank you!!!!

hello

anyone with LSH knowledge will be available to help me?

i want to ask a few things i am stuck at...

currently doing tryhackme pre-security, how far do i need to go to be entry level ready? and does anyone have any tips as well. Anything would be appriciated

im having a problem loading my vitual box with ubuntu. can anyone help me!

What is the error you are having?

What is your current tech/cyber experience?

Cybersecurity is not an entry level job however this doesn't mean that you cant get into the field. IT expiernece is golden in this field bc you know how the systems work. If you want to be blue team or read team really will dictate how this conversations goes. Im a SOC analyst and it took me a bit longer to get into cyber but it has served me well over the time.

Entry level could be a few certs Sec+, Net+, BT1, any blueteam cert.

Red team requires a bit more depth from what ive understood however im not on that side of the boat yet.

safe to download tiktok or not?, pretty sure srhoe has one

Pretty sure no one will attest that doing something is "safe"

It is your decision in the end

i mean is it spyware

well everything is but im trying to get at how bad is it same as instagram and other social medias?

Just check which permissions it requires in comparison

alright

do u help around here alot

Sometimes

not much experience, but i know the basics of a few languages python java C++

u should pursue ur own server

have u thought about it

or did u already do it

I have several

What side are you wanting to go down (red/blue)

i’m wanting to do red side stuff like pen testing

Hey guys my friend want to be a soc analyst but he can't found any free course can u guys help me please? He already know a little about network basic

Unaware of any "free" courses. If those are not listed in #👥・new-member-guide there likely are no good one.

Ok thank u

id look at the #👥・new-member-guide a bit more but redteam is not easy to get into in my experience (as ive been trying for a little bit)

I know some free ones like SOC analyst path from Cybrary or SOC Analyst course from Purple Hackademy

Hello, I’m trying to identify the publishable key used by an API endpoint, but it appears to be generated or stored only on the server side. Any advice on how to approach this?

That would depend on what specifically you are trying to do here

I’m trying to make a bot that interacts with the API. I decompiled the app and analyzed the logic, but I couldn’t find where the publishable key is defined. It looks like it might be generated or handled server-side, so I’m trying to understand how the client normally retrieves it.

I meant specifically which api

oh sry im referring to the Uber Eats API for adding a payment method. I decompiled the app and found the tokenization flow but it requires a publishable key

This sounds like you are breaking their ToS

Hello everyone,
I am having so trouble configuring my traefik...
I want to see the real user ip and not the cloud flare ip (i don't want to ban Crowdsec to ban Cloudflare ip). YouTube vids are giving me an answer but AI is giving me another one, so i think i need for advises.
YouTube vids answer:
fields:
--defaultmode=drop"
--User-Agent=keep"
--X-Real-Ip=keep"
--X-Forwarded-For=keep"
--X-Forwarded-Proto=keep"

But AI advise is:
--entrypoints.http.forwardedHeaders.trustedIPs=(Cloudflare IP)

(Btw i am using coolify idk if it will help)

i don't think i understand you, go over again
you cannot see a user's real ip address if they are using cloudflare to hide, best you can do is report abuse to cloudflare themselves

Sorry i'll try my best for making it clear.
I want to manage website, I am setting up everything for making it work well.
Here, I am configuring traefik behavior, I want to make the real ip of someone shows in the log and in crowdsec. I don't want crowdsec to ban the cloudflare proxy ip because someone tryed something nasty.
I apologize if this is still not good enought by the way.

Thats easily answered. without going out of your way to run scripts on the browser of the persons visiting the site then - you can't get at their IP

not to mention chrome browsers have extra protection against script executions

And running scripts on their browser has its own little legal ramifications of course

Thanks for the answers !
But how can I secure my website with crowdsec ? (Is it to much and should I only go with a good configured Cloudflare ?)

You essentially let cloudflare handle that part

at least for those users who come from there

firstly, you need to figure out the amount of traffic sent from your website
gather the numbers, then set a limit to the amounts of requests that can be handled by the server side

If you make the decision that this is not secure enough, you gotta have to block cloudlfare connections

that way, whoever uses cloudflare to "pull something nasty" wouldn't be able to cause a denial of service

there are many ways to secure a website, but since you're talking about not being able to block cloudflare as you're using it that's the first thing that crosses my mind

you could flag out certain headers

Thanks you guys that's helping me a lot !

Yo

I want to bypass an honor X6a but I don't know how to,its my first time dealing with the phone,I don't have a PC,its dead

bypass as in "get past the lock screen"?

So ill have been a blue team for a year in April.
How do I make the transition into a pentest/red team job?
What skills and projects can i utilize to better be "picked" for an interview?

#potentialMentorPost?

Yes

A friend forgot his password and Google account

Contact support, we cannot help with this, read #📜・rules

Yeah, as you were told. We can't help you there. Generally we do not help people, who despite their story end up in the exact same situation as someone who has just stolen a phone

Understood, thanks thou

Hey everyone, I need help in trying to create an account on a dating site even with proxy i still get banned

did you just get banned from using a dating site

brother what the hell did you even do

hi everyone i have a question.
I learned about IDOR in Tryhackme jr pentester path
But most of the website have developer tools blocked off
so how do you bypass that

also we cannot help you bypass anything related to intentional security measures illegally #📜・rules

oh okay okay

I keep gettting blocked not banned. Even with the help of 9proxy i still get blocked

https://gist.github.com/aravindanve/3e13d995fac35e4a07c236b11cc432c7

why do you need a proxy

just use your original ip address

Thank you. i learned about it today and i thought even though there are saftey mesasures people still bypass them thats why i wanted to know

Here in my location i can't register match.com as my location doesn't match so that's why i use proxies

you can try other dating apps then

If you have any suggestion give me

you can research that but i've found freemeet just now, might want to look into these

it's also not an appropriate topic to discuss here

For a short while I was volunteered as tribute community moderator on a dating side.. getting blocked or banned is rather easy if you have a phone with a camera 😉

they would instantly ban me cause of all my aura

that’s why I can’t get any matches

At one point I was also a community moderator for sony online entertainment.. now that I think about it

no other reason 😭😭😭

you saw the messages..?

DMs? No, I did not there

good..

and on the dating site only the stuff people reported

kali-moment

Bro what do you mean my screen locker is broken ahahhaa

gosh i love linux 🐧

anyone have expertise with Hashing? LSH etc?

I do fam

oh great, can i dm you?

if ydm...

I never dm gang

Can you say it here?

no issues

i am working on a project to filter ROT data from meta data, on a large scale data filter project, any tips for me as a junior on LSH?

@woven hazel

For largescale ROT filtering with LSH, the main thing is tuning your similarity threshold and bucket size properly

Too loose and you’ll get tons of false positives, too strict and you miss near duplicates

how to nail it then?

it’s mostly experimentation ykyk, start with a small subset of your data and try different bucket sizes and hash functions, see how many near duplicates you catch vs false positives

Once you find parameters that work well on a sample, scale up gradually

i will have to train my ROT filter model like training AI? or is there any different approach ? i can't figure out where should i start, i tho have 6 months to submit my project but i don't see any starting point at all... welp 🙁

You don’t need AI for this, with LSH + hashing is enough

they want MVP ready type, like in interview if they ask me how will you scale it and how you will get the datasets to further train it? .. you have any answer bro?

not even ML and neural network? only about hashing? ...

YehYeh, for an MVP you start with a small clean dataset to prove the concept, for scaling, use batch processing + distributed LSH or a cloud setup

Yup, for this kind of ROT filtering hashing + LSH is usually eough

you only need ML/NN if you want to predict patterns or anomalies beyond near duplicates

can't i make it an API , like imagine my project as a pipeline between user and cloud and it will save your money before your data hits the cloud!, and to ensure no data loss, it will redirect the filtered data to 180 days AWS cheap glacier storage, so it will save you Ton of money, like i think this project will pass me with flying colours!

is that possible? @woven hazel

Yessir it is, Make it an API pipeline: user -> ROT filter -> cloud, backing up to Glacier is smart for cost and durability.

how fast and accurate i can make it/

?*

what will depend to make that happen?

@woven hazel

Speed and accuracy mostley depend on data preprocessing, hash function choice and bucket tuning

i am thinking to buy Macbook M5 max with 32core gpu, 64 gb unified ram , will that be enough to handle all the computing and make my API as minimal as none if i host locally? you have any kind of scale to know that?

minimal latency*

that spec would be strong for local development and prototyping, apple silicon is great with parallel workloads and memoryheavy tasks

Whether its “enough" depends on dataset size and throughput you expect

you are my hero

thank you for helping

You're welcome fam, anything else ping me ✌️

can i ask you one last favour? i am a total newbiw, can you give me a proper roadmap to folllow, i owe you one bro... thank you again.

roadmap for 6months to persuit

whats the best way to learn python i know it takes months and even years to learn a language but id like to start learning python but i dont know where to beign

Sure!
1–2 monts: Linux, networking, Python basics + TryHackMe/HTB labs
3–4 months: Web security APIs (XSS, IDOR, JWTs) + homelab
5 months: Hands on project like your ROT filter
6 months: Polish MVP, document also try mini CTF or bug bounty

just open a video and learn, there was no right way to ever start, and one more thing you can never learn one language completely, you can just make more muscle memory... and trust the process

like what does bug bounty play it's role on a ROT filter project bro? i can't connect the dots...

🤧

any recomendations?

you are from?

lol yea, bug bounty isnt directly tied to your ROT filter, I just meant its a way to show practical security skills on your resume

how many languages you already know?

ouu i see

Doing one or two small bounties or CTF challenges proves you can apply concepts which helps if you get askd "what else have you done" on a interview

ok bro, i'll keep that in mind and keep you updated

you didn't mentioned diffrent type of hashing i have to use, like LSH, some bucket you were saying, what else i'll need on my journey bro?

i prefer not disclosing such information

none

https://www.learnpython.org/

For your ROT filter stick to MinHash + LSH

Later check SimHash

Hey everyone! Quick question about bug bounty setup:

Do you need Linux (Kali/Parrot) for bug bounty hunting, or is Windows viable these days?

I know Linux has the traditional pentesting toolset, but with WSL2 and most tools having Windows ports (Burp Suite, ZAP, Nmap), I'm wondering if Windows + WSL2 is enough for most programs.

What's your current setup? Any Windows users here hitting roadblocks, or is it smooth sailing?

Thanks! 🙏

Sorry bro, we can’t help you

It is possible to do bug bounties in windows but I would highly not recommend it

You will come across alot of Linux machines in your cybersec

career

And trying to gain a bit of Linux experience would be greatly beneficial

• your overall experience would be better on linux than windows

I got it. But for some few months i wanna try it on windows..

And what about WSL2 have you tried that?

you can make wsl2 work for bug bounties

but at that point you are just running linux

Okay, that's sounds good.

Ahh got it 😅

Thanks @dry island

How do I make Instagram account more stronger

This is probably one of the worst possible servers to ask that

use 2 factor authentication with a secure password

I think they are looking for views/subscribers

guess thats one way to ask, sort of

we dont help with that contact the authorities and report extortion

If I paste a link to a thm in here am I going to get flagged

no

Apologies i see, I tried contacting the FBI but they were not helpful

https://tryhackme.com/room/mustacchio

there’s a portion of this one that requires XML, and I’m totally stumped on it. I haven’t really interacted with XML before so I’m pretty lost

its a police matter, will be raised if need be

neither is someone going to be here

if its a web app then look into XXE vulnerabilities

Bet, thank you

hackers i have a question that i should know the answer to but i am not sure of it

• Question:
  What is the difference between password and keyboard-interactive SSH authentication?

• My current answer:
  Keyboard interactive enabled allows an interactive prompt to enter a password during the ssh authentication, but if its not enabled but password auth still it, then the ssh server still allows the password to be passed over in the command like using sshpass but will never present the interactive prompt? (Probably to save automation bugs?)

This accurate? Or can someone shine some light on my misunderstanding?

Almost got it, password auth just sends the password directly to the SSH server for verification

keyboard-interactive is a response system where the server sends prompts and the client answers, it can be a password but also OTP/2FA via PAM (i think)

Ooooh I see, so when keyboard-interactive is supported, I can enable something like a certificate as well as a MFA code and thats why its supported differently, because the keyboard-interactive prompt can support anything, yes a password but not just a password?

Whereas, password is limited to the ssh user password

i need help i want to start mining can someone help me get started

look for a different server

okay

Exactly 👍
keyboard-interactive lets the server ask multiple prompts through PAM (password, OTP, MFA etc)

password auth is just the single SSH account password check, nothing more nothing less

Thats why keyboard-interactive is used when you want things like 2FA or additional auth steps ykyk

Thanking you immensely! 💯♥️🙏
This cleared up my understanding perfectly
have a good day

yw fam, same for you! anything else ping me 🦾

Hello OwlSec family, I want to become a hacker but dont know where to start? Can anyone help me?

Document everything and report it to the authorities. Not here.

#👥・new-member-guide #💕・free-resources is a good start. Best of luck in your journey.

Hello guys

(sorry i got timeouted) That sounds like a blackmail case, which is serious, the most important thing is not to engage or pay the person as that usually does it worse
make sure to save all evidence: screenshots, usernames, phone numbers, messages, timestamps, and any files or images involved
report it to the platforms used and consider filing a report with local law enforcement

Anyone ever had their Instagram suddenly deleted? Apparently there's a script or tool that will send numerous reports to the account. Is this true?

I am not sure, but I guess maybe certain comments, posts might trigger automatic deletion

Hello everyone

Looking for some advice on ssl pinning , frida techniques. I have a research on metaquests telemetric data privacy issues. The device is rooted with the cert from mitm.

Hi everyone. I want to start in cybersecurity/pentesting. I'm currently learning Python, but I'm not sure which fundamentals I should study next. Any recommendations?

Hello

#👥・new-member-guide

I would always say networking is good to get a basic grasp of. No need to go heavy in and lose yourself in the sauce, but if you familiarise yourself with some basics like the layers of a TCP/IP connection. The differences between TCP and UDP, Ports and local networking it will help you understand what youre actually dealing with on a digital device

if its rooted and you already have the MITM cert installed the main hurdle is probably SSL pinning,, most people handle that with Frida hooks to bypass the pinning checks

check first if the app uses the default Android trust manager or a custom one

Why can't you say it here?

and you honestly think that someone is going to dm you now, WITHOUT the intent to scam the living daylight out of you?

@slate pulsar Yeah for your own safety im deleting that. I agree with Eris2cats.

Hey guys does anyone figure they could help me figure out how to get past facebook multi factor authentication? I got locked out of my facebook account and the only options I have for multi factor authentication is a phone number I no longer have and my authenticator app which I don't have anymore because it's got my ex's email for the verification on that. So now I'm stuck and facebook is all but useless when it comes to their support service

contact the support services. Other than that we cant help.

Why would someone even use the email from ex in the first place?

Fair enough. Their support is the worst I've ever seen ffs it's terrible

Would honestly just create a new account

And I didn't put it there she's just spitey as hell hah

I did that but I've had that account for like 16 years or something like it's got so much stuff on it I really need access to ugh 😭 meta needs to step up their game in the support department ffs

They probably won't able to help you in such a case anyway, since they are probably not able to verify if it's really you. If you don't have access to the mail or phone number you used when you registered they probably won't do much.

Hi can someone please help me on how to bypass the telegram sms fee

/rank

We do not help you with this. Read #📜・rules

We will no thelp with that here. Please read the #📜・rules

Ok...but where do I go for help with this please

Heyy
I was installing arch minimal with the script and forgot to setup network configuration
Now I can't connect to the network neither through lan nor ethernet.

Boot in and check the interface with ip a. If it’s down, bring it up with ``ip link set <iface> up and run dhcpcd <iface>

A mod told you to stop

So you should stop whatever you’re trying to do as you are trying to harm someone

"We do not help with this" does not mean "Let me help you by pointing you elsewhere"

Not here. As pointed out already.

i wouldnt setup arch if you're not already experienced with network configuration setup etc

honestly their install script is rather simple to use

Hello, do you guys support hackforums.net for new learners or there are better alternatives

yeah its decent, there is many experienced people on there

Ah well
I'm not lying
I've been using arch for the past year and this was the only the I fucked up this bad
Well as they say learn by breaking shit
I'm doing that

@anyone from uae 🇦🇪 or middle east?

what advice are you looking for

hi evry one

hi

what interesting today

(#💬・old-gen-chat btw)

is there someone here that knows how to do a dashboard database?

What do you mean?

building a dashboard connected to a database?

yes, cus im doing a research project that requires me to have that dashboard so i could continue with the research

im struggling myself making it and its getting confusing cus im new to coding

Got it, what stack are you using?

stack?

i havent really started the code since im still researching how to make one to begin with

I mean the tech stack, like what tools/languages you're using

i know a little java

no worries fam, a simple setup could be PostgreSQL + Python (Flask) + a basic web dashboard

You could use Java + Spring Boot for backend then

1 quick question how does spring boot work?

lets say Spring Boot is a framework that makes building Java web apps easier

ohh oki

If you got any other issue tell me gang

ok thx

im confused on the installment instructions

the easiest way is to go to Spring Initializr, generate a spring boot project, download it and open it on an IDE like VSCode

From there you can run it directly and start adding endpoints

can someone help me with the room called CI/CD and build security on thm? i cant get started, i have a problem with the first line I'm supposed to write in the terminal

whats the problem

You need to first see if your interface is detected using ip link command
Then bring it up manually using ip link set <iface> up

Then either you can dhcp then ip by dhcpcd command or give it manually through nmcli

Now this is temporary fix, so after this you will have your network up, now install networkmanager using pacman

And enable the networkmanager service 🙌 you are up to go now

ill have to run it again and screenshot the terminal but basically this command doesnt work properly for me, even though i checked if ip addresses are right: "sudo echo 10.200.60.150 gitlab.tryhackme.loc >> /etc/hosts && sudo echo 10.200.60.160 jenkins.tryhackme.loc >> /etc/hosts"

i remeber whatching this walkthrough and doing alongside him and the output looked different for me and from that point on i couldnt basically follow by myself since the setup didn't work properly

https://youtu.be/Yz8MclV03MA?si=Ss_f2QVDlVpwYOxc

yeah that syntax is wrong

thats from thm copy pasted

he copy pasted it also

unless it was changed to be wrong by accident

ill check rn

that syntax is wrong

sudo sh -c 'echo 10.200.60.150 gitlab.tryhackme.loc >> /etc/hosts && echo 10.200.60.160 jenkins.tryhackme.loc >> /etc/hosts'```

would be correct

yeah i just checked he typed it in just like that and it worked for him

if it doesnt work then paste the error

ill try that other sy tax u just wrote

that you get

ok bet

same with this original command that thm gave you

show the error that that one gives you too

ok

but realistically, you could literally just do this manually

how?

sudo nano /etc/hosts

add the following to the bottom, not commented:

10.200.60.150 gitlab.tryhackme.loc
10.200.60.160 jenkins.tryhackme.loc

then CTRL + X then Y then Enter