Python by itself isn’t really the main leverage point for transitioning into exploiting vulnerabilities.

It’s more like a tool that will help you automate things or build your own software/tools to exploit things.

To learn to exploit stuff you need to learn about the vulnerabilities themselves.

Hello everyone, I'm new here and I need some help understanding more about hacking and if you can show me how and how to prevent it from happening. I will be glad if anyone is willing to tutor me

Thanks brother I appreciate it

Thanks brother I appreciate it I will do it so

Agh responded to the wrong person

You can download Wireshark and look at your traffic. There is a book on breaking down what it means in #💕・free-resources If you want more of a project you can make yourself a little firewall with an old PC or a raspberry pi and downloading something like pfSense and route your traffic through it. You can also subnet your home network

It's hard to train how to be a soc analyst before you do it because there are a lot of enterprise grade tools that aren't cheap you work with in the industry, but that can get you somewhere. Plus potential employers love personal projects

Hey I lost a ingstagram account can you I get some assistance or information on going about getting back into my account please

• forgot password
• support
• hacking it is against #📜・rules

I lost the email it was on my last phone I had which previously fell in water I lost a lot of information

Not quite sure if under the rules but I think it may be fine. I have suspicion that my computer might have some sort of malware or spy ware. But windows defender and malware bytes are not able to find anything. Would you recommend just cleanly reinstall windows from flash with iso image and that would be enough?

What makes you suspect that?

Random CPU spikes and sudden lag spikes that appear that never been before and network traffic seems slower than it used to be.

These are old articles, but I still share it with people that has the same problem. One uses sysinternals and the other powershell: https://nasbench.medium.com/hunting-malware-with-windows-sysinternals-process-explorer-2baec974bec9, https://medium.com/@mouhibmh/the-ghost-in-the-machine-a-hunters-guide-to-auditing-windows-malware-with-powershell-7be2f2125d01

Good day everyone I'm new here and I need help, someone to teach me hacking from the start please I really need this to help me

start with networking, also feel free to check out #👥・new-member-guide and make sure to clarify yourself with the #📜・rules

So could I get any assistance anyone

with?

go on netacad.com for the full networking guide for beginners also learn a bit of linux

@native willow

Thanks for ur response

I'm very Nigeria how can I get legit website that pay online survey and how do I go about it

Hello guys please what's a domain for a website?

Anyone got good spoofing method that grab otp thats not automated

Yoo

I got a prob can any pc nerd help?..

A domain is basically the address of a website on the internet—it’s what you type into your browser to visit a site.

There’s virtually zero entry level tech related jobs in my area. My only option is a phone and computer repair place that pays 11/hr 💔💔

And if you have already built up your website and you want it to be online what do you need apart from the domain

You’ll need to connect your domain to your hosting. This is done through DNS (Domain Name System) settings—basically pointing your domain name to your hosting server (usually via nameservers

Ok bro

And the Domain dependent on the kind of website also?

Thank u

Anyone able to help get an IG account back ?

We do not offer those kinds of services check #📜・rules

Ok thanks for letting me know I’ll have a look

It was for my own account had about 5-6 k organic followers built up over Covid and stuff

Was just seeing if there was a way to recover it I’ve heard people have been able to don’t know much about it or anything

Tough luck

Instagram are very strict nowadays

Have you tried any account recovery method ?

But there are ethical ways to recover the account

@bright smelt Have you tried this?

stop discussing about illegal recovery method

#📜・rules

you've been warned before

any recovery should go to instagram support

Said ethical

Social engineering

anyone know why discord displays an error 2012 message

How that happen?
Report to the police

Hey chat I’m new here and wanted to learn as much as I can. I’m a responsible and respectful individual just trying to gain skills and build income in these times. Heard this was a hacker hub basically and idk anything about ethical hacking but would love to learn if anyone wouldn’t mind guiding me?

so i’m curious if i pair I2P with a VPN service would that be enough to conceal my footprint on (not entirely ethical) sites.

If there are more secure routes i could use, id greatly appreciate a hand. love yall

Hello there

Hey Reyy do you know what I could start learning where to begin being an ethical hacker

#👥・new-member-guide

Start there. I would be cautious if dms If someone offers you that without building a reputation

Need help in being 100% sure my accounts are safe!

Anything happen ?

Just think there is someone who's using an old passkey or sonethinf

When did that start

Im the past where is your ovo tag?

Hello, new here.. I set up a server on an HP Elitedesk 800 G3 SFF, I set up RAID 1 for my network. I cleared the bios and I can no longer boot to my server, Debian 12. The BIOS, isn't seeing the NVME which holds the boot /Debian 12. I'm not 100% what happened but I never deleted the NVME. Let's video chat if it helps. The BIOS settings are crazy.

3.6TB of data.. I can also recover it, but I rather have the BIOS go back to how it was working.

take out the CMOS battery

Pulling out now. But I did push the yellow button earlier and this happened.

Yellow button is CMOS reset

I got the same POST error

About the time. It restarted a couple times and I'm about to set the correct time.

It wants to load in PXE, ipv4

I can go into BIOS setup

I'm gonna disable PXE from boot.

Debian 12 is installed on the NVME, the RAID 1 is on 2 seperate 4TB HDD

I keep getting the no operating system on hard disk drive (3F0)

run Diag test,check if detect HD..check boot order

Diag test doesn't do anything. It detects HDD cuz they are RAID 1, but if I load it said not boot. My boot for the Debian 12 is in the NVME

It doesn't detect the NVME.

@lost vapor @steady palm

No we won't.We teach with an ethical approach and mindset, please read the #📜・rules

Can anybody help me get my PlayStation account back

Bruh read the #📜・rules please.We dont do that here

My fault

Start here my friend. #👥・new-member-guide .Take your time , read through it and ask questions.

My pleasure

No, not warning again.Read the #👥・info channel to please

Unethical!

Try Support

So for my software laboratory project CSC 320, my supervisor asked me to pick a topic under cyber security that is specific, measurable, achievable, reliable and with a time frame of 6 weeks.

Pls I need your help with a very simple and beginner friendly project idea under cyber security and resources that best fit this description that can be achieved within 6 weeks.

Interesting, your university runs quite late if its due in 6 weeks

Yes. It was impromptu, I only got to meet with the supervisor yesterday and he gave me deadlines to come up with a topic today for approval.

I want OSAI videos does anyone have ?

I wanna learn cybersecurity both Defensive and Offensive, I have been using AI to learn basics but because its restricted I can't learn some offensive parts and can't move further, Can you please guide me from where I should start?

#👥・new-member-guide here you'll find everything

I did saw that but it got me more confused

I don't have any CS background

go on tryhackme, do an account and follow the guide it will make more sens trying to do it than just looking at it 😉

I was learning python for coding(as its easy for beginners) and wanted to learn cybersecurity

ohh okay

@prime plover Do I have to learn multiple coding language to get into cybersecurity? or I can just do it with python?

python is good only it but learn bash too

okay thanks for the help

hello anyone with a chinese or taiwanese discord server text me or anyone who needs help with cleaning the house im here to help

how can i get into my girlfriend whatsaap without her to knw

ye we dont do that #📜・rules

why would you even hack your gf

that was rhetorical btw

she has started missbehaving wanna knw whatsgoin onn

well we still dont help with hacking social media's and chatting platforms
sorry that you feel the need to do this

everythin was just cool not before she went to university things started going different ..when i ask she kinda busy with her studeis

Hey everyone, I’m new to cybersecurity and trying to learn ethical hacking. Any beginner resources or advice you’d recommend?

yeah, we have
#👥・new-member-guide
#💕・free-resources

How am I gonna start?

you got a pc?

or laptop

No bro

A phone only

learn linux and networking by other means, networking through youtube and linux with termux if you have an android

Yeah

Okay

Who's teaching me

How to get started

I really want to know more

Me too

do you have a pc?

Not yet

@novel walrus you just joined too

Yeah

I just need a private teacher

Im also new and i wanna learn

those cost money

#👥・new-member-guide

Really

its a private teacher, what do you think?
you dont get free private chefs or butlers

Hmm

This industry relies on one haing the ability to self learn and teach yourself. So what we can do here is point you in the right direction and give you the resources. But the rest is up to you.

Got you, I understand. I’m ready to learn and put in the work. I’d appreciate any resources or direction you can point me to so I can start the right way.

So start here, #👥・new-member-guide . See what path interests you start heading down that road. if you have questions feel free to ask here

I really needed that too .thanks

hello guys i need a gift card online store that doesnt have 3D gateway kindly share

first of, no, because #📜・rules
second of, what?

i didnt know

all good

hello, i have 2 diff unrelated questions.

1. Is there a way to stop prevent session highjacking? making so even if someone gets your cookies they can't log in to your accouts.
2. Is having the password the only way to clone or emulate a nfc card/tag and does it depend on the tag type.

Good morning house

uuh
id say:

• ip binding
• short sessions
• re auth for sensitve stuff like password changes
• token rotation
• there are some flags you can do, just dont remember them on top of my head

and for nfc

• MIFARE classic is hella weak, can be cloned with almost anything
• MIFARE ultralight doesnt even have auth
  and NTAG stuff also generally has no auth
  idk if u can bypass the password tho, might not be able to talk about that

goodevening everyone, i'm trying to make a IDS for windows using python for our school project. is there any tips or guide you can recommend me? thanks

Good morning

what you need help with?

what do you mean fake advice?

If it’s illegal, we won’t help you. Read #📜・rules before you ask for help.

it wasnt, just badly worded

I don’t understand about the “fake advice”

Clarify

i still dont get it, basicly he was afraid he wont get a new interview since he didnt get into the online interview due to a zoom issue

I still don’t understand what you need help with. What is the issue you’re facing and what solution are you exactly looking for?

helped him with it in dm's i believe

hey just wanted to ask how much programming is involved and required in cybersecurity. I have some knowledge but I'm not really proficient at programming in python & java.

there is some programming involved, depending on which field you choose and where you go with it
a very good hacker (most of the time) has coded for a bit with more than one programming language
but if you're aiming for a standard approach and decent skillset, you do not need to have programming skills for that
but just to know how to read code, and understand what can be vulnerable with it

some payloads that are custom, may require you to know coding in order to execute them/change them especially in a red teaming environment

could someone help me with setting up vulnerabilities in active directory

done a decent amount of things in it so far but i’m kinda just learning as i go

They may have some machines here already configurted https://www.vulnhub.com/

can anyone please help me with adruino?

would i keep my domain controller for these or are they full directories?

They should be prebuilt VM's that you find the vulns in

Hey there!

I mean.....
How are you supposed to find a bug or misconfiguration if you dont know how to program in the 1st place..

i am trying to pentest mobile login workflow on an app and here are the following requests that were made

Request 1 — Mobile Number Submission

POST /erp/api/admin/loginOTP HTTP/1.1
Content-Type: application/json
Host: [TARGET-HOST]
User-Agent: okhttp/3.14.9
 
{"mobile":"83*****246"}

Response 1

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=[REDACTED]; Max-Age=7200; path=/; HttpOnly
Upgrade: h2,h2c
Content-Type: application/json
 
{
  "status": 1,
  "msg": "Success",
  "data": {
    "userid": "8",
    "mobile": "83*****246",
    "email": "[REDACTED]",
    "firstname": "[REDACTED]",
    "lastname": ""
  }
}

Request 2 — OTP Verification (entered wrong otp just to see the response)

POST /erp/api/admin/loginVerificationOTP HTTP/1.1
Content-Type: application/json
Host: [TARGET-HOST]
User-Agent: okhttp/3.14.9
 
{
  "mobile": "83*****246",
  "otp": "****",
  "token": "[FCM-TOKEN]",
  "type": "2"
}

Response 2

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=[REDACTED]; Max-Age=7200; path=/; HttpOnly
Content-Type: application/json
 
{
  "status": 0,
  "msg": "OTP does not match. 3 OTP attempts remaining."
}

i needed help figuring out vulns/exploits so that i can report them, i have already reported 2 vulns, one being the info reveal before login, another being the fcm token created before login

please ping me if responding

oh okay thanks

What’s an FCM token? And what do you need help with, exactly?

Firebase Cloud Messaging token, also i needed help with finding more vulns/exploits so that i can report them

Oh, well, that’s a very broad question. Do you have permission to test this or do they have a bug bounty?

i do have permission to test it, though there isnt an official bounty program for the same

If you google it there should be images of it

Hola:) I have my first Instagram stocker. Does anyone have any suggestions on how to find out who it might be? I only have their user name. They are not following anyone or have followers. Plz help thank you!

We dont help with that #📜・rules

Then learn what each layer does

Start at layer 1 and work your way up to layer 7

Idk what you want then

What exactly do you need help with?

Im not an LLM, idk what you know
@marble turret would love to learn the OSI model with u

Did he just get banner or something?

No clue, lol. Maybe he sent something against the rules in another channel.

How to get api keys from vibe coded sites

Please 🙏

read #📜・rules

Hi, my laptop is destroyed. Does anyone know a good laptop? My old one was very slow and I want one again

Teach me cybersec

thinkpads

I would love to explain the OSI Model i learnt today

cheap and solid

can anyone recommend what certs i should go for as someone who has 0 Cybersec experience? do i just got for the comtpia + certs or something else?

Thank u, than I will look for something like that

What OS do you like? I agree with the thinkpads. Now, if you plan to use any flavor of Linux, you can use almost anything cheap on ebay.

Yes Linux, because I want to learn more

thinkpad is still the way to go imo

I agree. They are well built with good components.

atleast from what i heard/know, lenovo thinkpads are great with linux

and you can get them for a decent price

Yes I looked on eBay they are something about 300-450€ euros. Gen 3, 16 GB Ram, 512 ssd and core i7 good?

Id say for linux its really good, win 11 works on it fine, but i dont think its high end games material

Yes I don’t need high end games. I want something that I can carry around

#6 -> #📜・rules

id say its great, still stand that linux would be amazing on it

Sorry

Yes I think I will buy one and test it

Thank u

“I discovered a covert Wi-Fi–enabled camera concealed inside a power adapter in a hotel room. The device was transmitting live footage to an overseas server (likely China-based). The hotel management is cooperative and denies involvement, and there is no CCTV footage available (as we don’t know the culprit and his day of visit)

Given access to the hotel’s network, what would you suggest as the most effective approach to identify the individual responsible? Can network-level evidence (such as router or access logs) realistically help in attribution, even if the operator used VPNs and foreign infrastructure

It was a mid range three star hotel in india. Also the spy cam was connected to hotels wifi for transmission of video to chinese server

Network logs could tell you when the device first appeared in the network. Assuming the hotel doesn’t do log rotation.

Bought one right now on eBay 👍🏽

Help me pull Fortnite accounts

guys ive got a problem i have an pc server and i lost my pasword how to get it or change it i have the user on my pc but no idea what was the pasword

Yoo guys

Did you read the rules at all?

She wanna find out who this ninja is

Yeah

But can yall help me

So you read them and decided to break them anyway?

Alr man mb

Nah never mind

Now you’ve gotta get ready for the scammers who are gonna try to sell you hacking services in your DMs.

no

we do not do hacking illegaly

for me its the opposite, they trying to hire me to hack this and that

we are not a service of hacker for hire #📜・rules

They never ask me to hack anything, lol. They just ask, “Hey bro, can you help me?” and they never say with what 😝

Pls where can I learn cybersecurity

with me they are quite specific with what they want, funny to see what people expect me to develop or hack

#👥・new-member-guide

Ik its illegal yeah it was so dumb of me to ask it like that

Sorry about that

What Linux is better for the beginning? Ubuntu or Kali

skip ubuntu, do mint for learning linux and kali if you want to specialize in cybersec and learn linux, both are fine, just dont do ubuntu

dont trust whatever the LLM you use says, stay away from ubuntu

Okay perfect. Thank u

I will download Kali

good luck

I need help with creating a virus that demands payment so it self destructs
🤪🤪🤪

Against the rules
Check #📜・rules

Over in #👥・new-member-guide (:

Hello everyone, so i just create my own cyber tools and i need advice on what i can add or upgrade their is the futures sorry for all i use google trad for the text

Simultaneous attacks on SSH / RDP / FTP / Telnet / SMB / Web
AI-based password generation (GAN, up to 1M/sec, city-tailored)
Massive password lists (50+ GB)
Smart resource management (low CPU usage, adaptive delays)
Real-time interface with result export
Area attack mode (automatic scan followed by large-scale launch)
Full network scanning (TCP / UDP / SYN / vulnerabilities)
Large-scale IP scanning (IPv4 / IPv6, Shodan-like banners)
Fast subdomain enumeration
Directory brute-forcing and large-scale fuzzing
Automated OSINT collection
Active Directory testing (Kerberoasting, DCSync, etc.)
Cloud attacks (AWS, Azure, GCP)
RDP / SSH exploits
Web attacks (SQLi, XSS, XXE, RCE)
Mobile tools (Android / iOS)
Zero-day vulnerability fuzzing
C2 infrastructure with 50,000 bots
Full remote control (keylogger, camera, files, etc.)
Various DDoS attacks (HTTP, SYN, DNS, etc.)
Botnet recruitment and management
Massive password generation
Automated phishing creation (emails / SMS)
Detection evasion techniques
Vulnerability prediction

No botnets, no C2, no illegal stuff, we cant help with that unfortunatly..

ohhh

is an legal service ?

my bad gng

How can i by-pass login page😋

i can help you

use vulnerability check

You wont be able to, dont ask for unethical shit here

oops

ye dont do that is bad

vuln check wont do anything for bypassing logins....

is help

if you know how to use it

Okay..ty

Ayt bet

are you advanced?

know how to code and do an check up?

Got 0 knowledge

holy fucked

what do you try to bypass?

Kinda begginer in this stuff im tryna teach my self

My lost Instagram acc

ohhh

i can refund it if you want to

did you remember some usefull information ?

Lowkey just have the username im tryna teach myself so i can get it back by myself

So i can say i just passed a mild stone

that really hard

you need to learned base or if the password are like smthg 123uwu you can force it

My guy

but if he's like 12gdf24FxxDdd32RDd02qrjq9RQRJ

you cannot

Dont even try anything

Just contact support

ye

or contact support

If u try to put in lots of password guesses, youre gonna get it locked forever

contact steam support they better

Aint that comlex i was dumb it cant be that type

@peak anchor If you try to give unethical advise to people, ill have you kicked out.

Facts😅

Also, if anyone is offering to give u the account back for money, its all a scam.

Just contact IG Support, and call it a day

I know that much

Bet

my bad my bad

i know that not halal and is not good to hack

Has anyone used hacksplaining.com?

Or is Tryhackme the best to learn ?

in my opinion, Try hack me is the best for beginners

Hello I am new in this tryna teach myself the goal is to know how to hack,I've read a pdf and I did operating systems and networking as a module last semester know the use of nmap and all those stuffs
now I am stuck because i don't know a way forward or what to do from now i've read a few pdfs about windows xp but now i wanna improve and become better what is the best thing that i can learn from now with what i know already?
I am a beginner and I want to be a red hat

Thank u. I did some tutorials and think about the premium version. Is it worth it ?

I completed many tuts but haven't bought the premium yet, i will probably get it in the summer

Okay good to know, well it’s not that expensive I think I will give it a try.

How much is it?

Well let me check I think it’s around 10€ per month

Better than netflix

Nah, no need to check

I'll check my self

Thanks tho, appreciate u

U too

hi

hi i was wondering if anyone could teach me how to hack someone with their IP address, please. If you can, dm send me a friend request. Thank you

Greetings all please I want learn hacking I have no idea I'm New

Hello
Am new here

no read the #📜・rules

#👥・new-member-guide

welcome

Remember when I was just like this haha

Done

Tanks

Hi Guys, am new here and here to learn new things

Welcome

#👥・new-member-guide

This is a last plea for help... I got hacked last night by someone who new exactly what they were doing. I messaged who I thought was a mate in a hurry and ended up being very subtly tricked into downloading a malicious .exe which once run gave me some sort of nvidia driver error. (Yes I know it was stupid to open a exe. but it was a guy I know and trusted that had had his discord breached and I reached out to him first. Stupid mistake lesson not to be lazy learned!). My wifi is currently unplugged until I can figure out what exactly this malware attack was and if it infected any other devices on my network. If you have the know how could someone please aid me in reverse engineering this exe. To find out what exactly it is and how it worked so well. Until then my only option is to stay offline to not run the risk of my important gmails being stolen.

Have you changed your passwords? That should be step 0.

Everything he didn't get to in time is now set with a 2fa

I don't know if it's worth REing for you, I would just reimage the machine and honestly I would do the same with the other devices

If you don't have backups, 99% of malware won't hide in your docs and pics, so rip them out to the cloud and start over

Or I guess since it's not internet connected, you can do to a pen drive then open it in a VM to retrieve just the docs

Unless you actually have a high net worth, then don't listen to that

Haha yeah its not something I can just delete

The one pc yes

The other no

Wdym

As in one pc has 100s of business documents

And the other one that was initially infected can be sacrificed

However im not sure if it has hopped networks in any way

Ah I see, so you are keeping the sacrifice infected for IOCs

Also yeah a zillion people are going to try to scam you via DM for that req lol

I would still say to rip the docs out and reimage, but I don't have any other useful advice. Good luck

Looking for a good place to learn hacking, I dont want garbage youtube tutorials I want an actual way to learn. Any suggestions?

Try Hack me or Hack The Box? Have you learned some networking, foundations for example?

YouTube has good tutorials, but is true you need to find them (Needle in a haystack). I just saw this in the #💬・old-gen-chat channel: https://roadmap.sh/cyber-security

Hi

Hi

The general chat is here #💬・old-gen-chat

Anyone with experience with Kali can point me in the right direction of utilizing/learning the plethora of tools it comes with? I'm using it in the Windows WSL addon right now before I upgrade my laptop to actually install the distro lol

Hey. I need help.. I'm a noob when it comes to hacking of any kind and I just joined to learn. How should I begin?? I'm tired of being average

I'm stuck

I dont know your level, but I would suggest starting with basic like Linux and networking, then pick one area , maybe a web testing? Then you can learn Nmap, Burp, Metasploit etc. Try Hack Me and HAck The Box can guide you which tools to learn so you are not just randomly running tools

thank you stranger. any pdfs or videos that you reccomend that can give me a general overview?

If you like watching tutorials, there is plenty on youtube, I dont like them. Maybe they will work for you. Try Hack Me, and Hack the Box have also good explanatory notes.

Type it in google, research it and see what you can find and what will work best for you.

I wanna know how to start

#👥・new-member-guide

Yaaaah how can start

what's wrong with using caps

Oh
My comment didn't even show up because I used all caps huh
Wow

?

Automod does not like when you type all in caps

Yeah thanks I was just wondering how fucked I am getting into cybersec, I'm in my second year, graduating next year, I don't think I really understand the full extent of what I'm getting into here

Hello, I need some guidance to learn how to pass CCNA exam.
Any help is appreciated!

I'm new here and would really like to know if there are any community college courses that I could take before I really ready to start develing into pentesting

#👥・new-member-guide ^^

Use cert Queen

Thanks, friend 🙂

Wait chat, can anyone help me with something? I need the best source code for a homemade pwnagotchi! me and my friend are currently working on one

why not just use the pwnagotchi source code on github? https://github.com/evilsocket/pwnagotchi.git

So how can I start learning coding and where can I learn it

We dont help with tat here. Report the issue to your local lawenforcements

Free tutorials on the internet
YouTube, Free code camp and many more

Ouch

Hello, could anyone share if they know is there a way to like monitor/simulate network traffic. I would like to create monitoring and alerting system based on traffic but I have no idea how to simulate mock data for network traffic

anyone know how to reverse engineer games with the intent to create mods for it, the game doesnt have any content mods or modding API just yet, curious if someone could point me the right direction

mostly just need RE it to see if they have loose file loading or that assets are packed but in a readable format, otherwise i would need to work with memory injection...

depends heavily on the engine, which game is it?

enshrouded, they use a custom engine

its kind of a black box when it comes to modding

in touch with the community managers, but atm they dropped a update so they are busy patching bugs

https://github.com/Brabb3l/kfc-parser
some stuff exists, at least

thank you lucy, you do not know how much time this saves

using linux mint i cant seem to get my mic to work i have a logitech yeti GX

maybe pipewire isnt configured?

ask an LLM they are very good at helping with drivers and pipewire

Guys which VPN do you use? Is NordVPN or ExpressVPN good?

skip those, go use mullvad vpn

its very cheap

okay thank u i will try it

or is it even possible to make his own VPN?

i host my own vpn, dns and pihole

so yeah

but

its hard to do?

i still use wireguard for connection and mullvad for exit nodes tho

ahh okay

depends on what vpn features you want, but it mostly comes to how much you want to do from scratch

I dont want to get tracked haha safe is safe

i want to start hacking what do i do

#👥・new-member-guide

ok

thanks

mullvad is the best vpn for that
you also have tor and I2P but belive those are browser only
you could use mine, but i wouldnt recomend trusting strangers with a self hosted vpn to handle your traffic

Yes you said that, what i was thinking haha

But i will give mullvad a try

its like 5$ for 30d

yes thats not much

I can't join the locked voice channels how can I get access ?

Lvl up. Check out #🤝・roles-info

thanks

Nope thats illegal

My computer is opening applications randomly what can I do, especially when I connect my computer to the internet

check your startup apps

We are a cybersecurity server not a trading server 🙂 Try finding a trading server

does anyone got a Professional certificate from tryhackme and do you get a job with this in cyber security? how far is it from reality?

good evening folks. i am just wondering. is bug bounty or maybe engaging with any offensive security stuff in general still even worth it now with all this AI tools and stuff?. i am currently hunting at canva and VDP programs. but i am still uncertain about my decision to continue in bug bounty or offensive security in general, i just saw someone hunting in BBP program only using claude opus and found P1-P2 in matter of hours.

No. Read #📜・rules

#👥・info help me out on how to get followers on instagram

@distant gulch this dude keeps asking how to get free followers on Instagram

Yeah they are okay vpns

So be helpful

No. Stop asking illegal questions. Read #📜・rules again

take a break

this isnt a black hat community

do yall think i should learn hacking before coding

good question

i need a Google my business profile

??

Hello everyone I need some help on creating bots

What's the concept

Hey chattt

Hey can any one guide me or basically tell best YouTube channel or resources to learn AI hacking please please

I’m looking for anybody that’s a spammer, with access to get bank logs

Do you already know how to do "normal" hacking?

Beat me to it

#📜・rules

That’s against the rules brotato

@crisp star no learning but it will help me that's why I want to lean

*learm

Just learn cyber security on a normal way. Plenty of resources in #👥・new-member-guide

@swift lynx but brother no offense but have any of you guys though about it lol 😁😂

About what?

Bank logs etc

Assuming you already have the basic concepts of how AI works, the internals, I can recommend the following (This is for educational purposes, to be used to know how to protect your AI apps against common attacks): https://prompt-injector.blueprintlab.io/ , https://arcanum-sec.github.io/arc_pi_taxonomy/

I agree. Jumping straight to AI Prompting without knowing what to do with the results (Which supports @crisp star comment) is like jump into a Lambo because you know how to play GTA.

Bank logs? Do you mean bank credentials?

Hey guys looking for advice: I created Wazuh and linked two VMs to wazuh to soulmate attacks and show case this at interviews but for some reason I’m not able to get logs anyone know more about this or where I can find info about Wazuh logs?

Hey guys I’m building a new web app using emergent. I just need some assistance with making it completely autonomous when it comes to scanning for bugs and self healing. Can someone offer some assistance?

Does anybody know how to buy tokens for discord

Good day fellow i'ma newbie in cyber security and interested in learning about it, anyone who could help pls

Hack neighbours wifi

Hi guy am here to how to make money every day who could help me please

Check out #👥・new-member-guide

Which Antivirus do u guys use? so which is the best?

#📜・rules

Sorry about that

New here

Always a good idea to go through the server rules for every new server you joined. You can potentially be banned from this server for asking about unethical/illegal things

Hello guys I'd appreciate any help regarding my problem , at work we are restricted to do alot of things and we have a tool (on browser) that I work with that happens to lag alot because of what appears to be a bad network card or idk what they call it (physical problem) , we tend to do an auto refresh code on the console page of wifiman website to minimize the lag a little bit but lately even that doesn't work
can you help me with anything that I can actually do ? i really need to work better to attend objectives and have a decent salary
much appreciated in advance 🙂

How to hack a computer system

thought we could actually get help here it appears we just become a meme for a few seconds for not knowing shit then thats it lmao

my bad yall peace

@open hatch

That a lot tho

it's okay fam

appreciate ur reply

ill figure something out

If the work place restricts a lot of things and you need a tool / software, then ask the IT support to get it approved.

#📜・rules

When people online say to document your projects or labs that you build what does it mean? Like how I do document something? Because like I could explain what ever I did in 5 sentences or less which doesn't look good when someone asks me to explain. Or whenever I hear this I can the only thing that comes to mind are like the commands if I used any.
Here is an example I will be getting a VPS and installing some services and custom discord bots on it and using docker containers, so it will be like a mini digital infrastructure for me.
How should I like document the process? And if I add into this into my resume how will like a companies recruiter know what I did in detail aka what I documented?

we do not promote hacking illegaly

report it to your IT

Hello guyz i kindly ask for your help on how i can start coding

check on youtube and codeacademy and stuff

so i'll be explained very well

😂😂😂

go with python first

easier to go with

faster to learn

and the most used language in professionnal field (easier to find a job)

and can i create a website using python

Yes you can but if you want to learn how to code websites learn HTML, CSS and JavaScript

Thank you very much i appreciate

I'd suggest you start by learning programming logic

Hey everyone quick question is it worth getting the tryhackme certificate?? Or should I just do CompTIA?? or both ? i have my BA but never went for any cert and i know that wasn't the smartest thing to do. Just want a opinion.

Do comptia

It is recognized a lot more than THMs certificate

I'd only do THMs certificate for the sake of having it and not for job reasons

thank you

what can i do with THMs certificate

try to get a job, and flex that you have it
its mostly just proof of your skill which stuff like your thm ranking and progress can show anyway

Hello everyone, wants to become a network Engineer and don't have any knowledge in IT is they any place you can recommend for me to learn from, i already made my research and they are a lot of Gabbages online especially just want something step by step to put me through the right direction. Thank you

chat i need help obtaining an AD skeleton key

what is a skid master

Skid means script kiddie
So skid master would mean script kiddie master

hello guys, i have a hacker on telegram saying he knows everything that’s going on in my end and threatening to leak my info and stuff if i dont pay, can anyone help me figure out how to check if im actually being secretly monitored or to prevent and hacking im unaware of ?

thanks a lot

WTF threatening u

block him, change all of your passwords ( email etc) - make screenshots of his username, messages etc. He will not leak your info, he is playing with your mind. Reset your phone. If yu want take it further, report it to the police

Have you downloaded any cracked/pirated software or game cheats the last year? If so, he might not be lying, malware not often has what you could say, delayed fuse

And kami's advice is what actions you should take, maybe factory reset your devices if you have been a skid downloading malware

i do want to block but the guy has critical info on a relative like her snap account and he’s threatening to leak her x rated pics and shit

And get a new phone maybe, or yes, factory reset

i’ll have to factory reset

If he does that, contact police, idk what it goes under, but its surely something they take serious

did you clicked on suspicious link did you downloaded something suspicious ?

no only link he sent me was apple gold cards

apple gold cards ???

razor gold

i’m sorry

razor gold wtf is that

gift cards

gold.razer.com

a link as a gift card ?

yes link website to purchase a gift card. and i show him the code

but he doesn’t hold up on his end

what critical info? Info about nuclear military area 51? Come on, he is playing with your mind. This what he is doing is a criminal offence

https://tenor.com/view/flight-flightreacts-flight-reacts-disappointed-wtf-gif-9913249080334735589

he basically scammed you a gold razor gift card

lmao

again he stole a relative account and threatened to leak her x rated pics

so i contacted him thru telegram cuz he said text him on there if she wanted her account back

Again, its a criminal offence, he can be prosecuted for it

man these is telegram hackers i don’t have much on the guy really

i don’t know anything about cyber security

How do you know he breached the account? Does he have proof? He’s most likely bluffing. It’s not hard to OSINT someone into obtaining their relative’s usernames.

yes because when i told him i don’t have money for the items he wanted he dropped my exact banking amount and knew i had cash from a withdraw

idk how

get all of his info, phone number, username, imei nr, all of the details and report him.

and how can i do that off telegram, ik he won’t offer

i’ll pay a top hacker in here to help me out ngl

rs

Okay, that’s your bank account, maybe. Two things:

1. change your bank’s password
2. this is not related at all to the Snap account

No man, you’re setting yourself up for more scamming. Stop digging the hole any deeper.

how can i check if my data’s breached or my software is being monitored ?

phones, wifi etc

intelbase.is

It’s kinda hard to tell without more details about what exactly he claims he compromised and what sort of proof he’s shown you.

he just a good wild guesser then ?

he showed no physical proof but said exact details on little things

Also, let’s think about this logically. If he indeed compromised your bank account, why didn’t he just empty it instead of asking for gift cards?

How exactly did he show you the proof?

Like what?

my bank did get an alert saying someone was calling on my behave to clear the account and once i said it wasn’t me now my account is frozen for investigation

my amount in my account

times where he told me to stop lying about not having funds on specific wallets, cash app, apple wallet, chime

knowing when i transfer money out the accounts to show him i have nothing in them

wild guess until he starts saying exact amounts

mind you he’s texting me everyday saying i owe him $100 and if i block him it will be the worst decision i made

i’m not the one to be easily scammed but this here is more of a blackmail and i won’t have my love one violated so if i gotta throw a couple bucks out to make sure that won’t happen i will, pretty stupid but not a chance i’m willing to take especially with how advanced tech is nowadays

now i’m just looking for a way out, without paying more money and being able to recover her personal accounts and change all the info before he does

Do you use Android or iOS? Have you downloaded any weird looking files or apps recently?

ios, no downloads

just made direct contact with the hacker only on telegram

sent photos of the gift cards and told 0 personal information, i even tried to lie about my age and location but nope

he knew

which costed me more $

Did he ask for the gift cards before or after he told you your banking details? Do you have 2FA setup on your accounts?

i sent them after

yes but he knows how to bypass 2Fa

he said

No, but pay attention to my exact question: did he ask for them before or after?

i said i sent them after he said that

I'm wanting to know how to hack into someone phone with just a phone number,no access to phone.want to see messages,pictures ,etc

like how to prevent shit like that ^

he asked after he said that

After he said what, exactly?

the information about my banking

Shut up, scammer

no

not possible

dont trust

What’s the best laptop recommendations? Want something to last and not slow down on me.

thnikpad lenovo

I like Thinkpad and the framework one.

I am thinking you were phished at some point, but you’re just not aware of when. Do you use the same password for multiple services?

nah

And those will work good for everything I need to run?

Desktop is good. I custom built it so I just need something portable that will do what I need it to do.

how can we prevent things like this on personal devices

sites, programs, etc

Prevent sim swapping

.

Uhh

The laptop froze twice on the same day and with the 2nd time a blue screen appeared with the error code of DRIVER POWER STATE FAILURE, i didn't update any drivers or plug any device

@oak oracle

If you know about it

Mostly Wifi or GPU issue

@jagged heart Run this: https://docs.mvt.re/en/latest/

I am actively being hacked pretty intensely. it started with my social media accounts and has escelated to lines of credit opened in my name and fraudulent charges on my card. i also see purchases with cards that have my name but are not mine but do not show up on my credit report? they have sent things to several random address in kentucky, ny, missouri, and california and i have recieved photos of the deliveries. my epic games has been rewired to someine elses email and i lost access to all my games on there. i dont understand whats going on and idk how to secure myself since i already changed all my passwords and this is still happening

Guys, which VM would you recommend for Linux distributions?

Hello , anyone have an alternative to openvpn for hackthebox ? , it is blocked where i am

Do you guys know any websites for reverse searches for phone numbers?

HELP ME

hello, are u looking for dev?

Hello guys im pretty new to this and i downloaded refus and kali linux from official websites but when i executed rufus and started to put the iso file inside the usb drive i got these warnings from widows defender Backdoor:VBS/Ace.C and Trojan:Win32/Etset1rfn (Before doing all of this i made sure to disconnect the wifi incase something went wrong so the malware is contained in that laptop until i figure something out)

plz help me is kinda urgent 😭

Please what website can I use for code cracking

@lost vapor

@lost vapor

Does John The Ripper actually work? I'm assuming it takes a while to crack the password?

Hello I got a odd question and I am not sure if someone can help mr

I need to go in to my boot loader somehow because I want to add/change some stuff on my s24 ultra

Sharing links of books on #💬・books-and-reading is allowed? I bought a nice one and wanted to share it

Btw I shared, but lmk if it is not allowed

No we dont help with this. Please read the #📜・rules

@steady palm

We are not gonna help you with this, read #📜・rules

No

Qhy

read the #📜・rules before you even ask why

Hlo am new into this jst wanted Some help

Yoo

https://dontasktoask.com/

any good source to learn about LLM attack or any other AI hacking ?

think HTB has a cert about it, so they must have something related to the subject

is it require some subscription thought?

https://giphy.com/gifs/dexter-zesmhmdi-zesbrevv-sZEl1yTi26mJzrI4VN

Like we have now claude mythos
What you think now can it replace or effect cybersecurity and ethical Hackers

I want to get an id for aviator

Id for avioator prediction

I heard that mythos of anthropoic got hacked …..please who has the url or access

The NSA does if you ask them nice 🙂

Contact the vendor for an id

Vendor

How can i get the vendor

Email the vendor

Or pay for access

From a legit service and not try to baypass stuff

When people online say to document your projects or labs that you build what does it mean? Like how I do document something? Because like I could explain what ever I did in 5 sentences or less which doesn't look good when someone asks me to explain. Or whenever I hear this I can the only thing that comes to mind are like the commands if I used any.
Here is an example I will be getting a VPS and installing some services and custom discord bots on it and using docker containers, so it will be like a mini digital infrastructure for me.
How should I like document the process? And if I add into this into my resume how will like a companies recruiter know what I did in detail aka what I documented?

Medium is a good source to do it or linkedin.

I have my own website and in the blogs it shows a few of the things i have.

Making linkdinpost helps a ton too - make these useful and to show what you learned and how you think beyond it

Thank you for the answer 👍

But how do you like document?
Do just write in extreme detail what you did, why did it, how you did it (example commands) and some issues if you had or something else?

Or am I just getting the wrong meaning of documenting a project?

Check your dms

Id like to know as well if you dont mind 🙂

Nothing we can help with on that part. They told you the direction for a reason and we abide by similar rules

jesus man, is there genuinely no way to just use this thing?

Hey guys, I need assistance with bypassing a car radio for a vw, any help, thanks

.

.

I think your cooked unfortunately

Thankyou! My friend was being a dumbass and tried to use some ai to wanting to write this

😭

I have a problem in tryhackme everytime I try to use ssh2john it keeps saying command not found anyone know why it started happening? This happened in two different rooms

Hey guys! I’m working on my Security+ cert. Almost done with Prof Messor videos and doing some practical exams on the side. Do you guys have any advice or any materials that I need to go through before I take the exam?

Hello guys I'm new into this I need some help

What?

What's the best VPN advisable for handrod users

mullvad vpn is best vpn on all devices

Appreciate your response

what platform is the task on?
a bit unsure on what task 4 could be

I used Dion’s exam sets (both) and Andrew Ramdayal’s tests on Udemy. I knew a lot of the material already because of the information rollover from Net+ and also just generally being more aligned with what I’m interested in/pick up on quickly. It’s very useful to learn how to actually read and decipher CompTIA’s way of wording questions. Just have a good understanding of everything plus acronyms and study to understand and not just memorize. Good luck!

Thanks. I will definitely try out Dion’s exam set. I’m currently working on prof messers practice exam. And once I’m done with that I’m moving onto Dion’s

on new member guide the first step is pre security shall i do all the moduals on THM or shall i stop at like modual 5

does anyone know projects in python that will be useful to hacking

My vc channels are locked, how can I unlock them ?

hello i want to learn hacking, i'm a begginer

Another word of advice is to never ever buy anything on Udemy while it’s full price, sales happen all of the time. Some courses/exams are like $100+ but when they go on sale they will be like $10-20.

By chatting, you unlock them at lvl 5
#🤝・roles-info

Start with the #👥・new-member-guide

You should do all modules in pre-security module as it will teach you fundamentals for every path (Red teaming, AI security, Blue Teaming and Purple Teaming).

hello your man needs help here

in which?

i recently bought a device tht is been ooperated by admin i cant access anything before the payment is there any way to remove to be using it as a normal phpne

GM guys pls I’m new to this computer stuff but I want to become a cybersecurity engineer what do I do and what do I learn can some one help me out

its against the #📜・rules and illegal

i saw this cpming the response

Yeah I’ve noticed that. So I’m waiting for the right time to get one. I also noticed it’s sometimes cheaper to get the monthly subscription than per course fee. So I might get the subscription and get both of the ones you recommended

If you are going to keep learning and going for certain then it’ll be worth it. I personally don’t like to have too many subscriptions but if it works for you that’s awesome

I was thinking maybe just get it for a month and do as many practice exams as possible before I do my cert.

you definitely from RSA

What are you trying to secure and from whom?

Oh, uh… okay. Good luck.

Hi, I need your help in choosing a certification course which would help me get a job as a soc analyst/blue team.
Which course would u prefer

#👥・new-member-guide

For sure. Just make sure you aren’t memorizing the answers and retaking the exams over and over, because that won’t help. Anything you get wrong, dive into the concepts and learn why you got it wrong

Yes sir, I appreciate the advice. Hopefully I crack it the first time 🤞

You’ll get it. Just do the proper studying and put in the time. There will not be a moment where you will feel fully comfortable before and during the test. I’m not sure any single person has ever truly felt 100% about passing a test from them.

thats the only stress i have with this field, coz i have such a small brain i wonder how far will i get in ths field but giving up isnt an option

hello guys

first time on discord

Hey, I’m wondering is there a way to see someone’s likes on X I’m in school right now for cyber security and I have my ethical hacking class next semester, but I’m wondering is there a way to do that?

Heyy
Anyone knows a person who is part of Cryptbb or is anyone part of that here?

In this field you definitely have to be stubborn and willing to learn something. That’s how I’ve made it to this point. Consistency beats everything. Be consistent, study, learn, get hands on, and explore. You’ll do fine.

how to i gain access to the 100 days of hacking i was gonna start it.

Please take the ethical hacking course first, so they can go through the ethical part, like not attacking networks/servers you don't own.

Hello

I installed kali linux and was pen-testing a website and kali crashed now it won't boot

Can anyone help me troubleshoot

Just some random website on the WAN?

I was pentesting faceboom.com

Book

Well I am going to start by saying that what you are doing is unethical, and you might want to learn about the legalities of cybersecurity before just attacking random websites that will end up with you in a lot of trouble.

Then I will say to understand how linux works in general, so when things like this happens, you can find out why. If this is a VM, you should be able to grab another kali disk image from their website. If its the ISO, then there are a few reasons why it wouldn't boot depending on the environment. If you have it installed on a HDD/SSD, then it could be that something happened that broke the OS, and it needs a reinstall or fixing.

Crazy it was on my USB but I overwrote it

To the hdd

I also messed up the USB bc I overwrite it so the launcher for kali is gone

https://tenor.com/view/bro-is-finished-cooked-finished-dog-closing-eyes-dog-with-eyes-closed-gif-8933440936102921947

Damn I forgot about perm diff in this server lol

1 sec

hi guys, what are the most recommended methods to pentest your wordpress & plesk site?

i got all directories but nothing useful found

nmap only showed me ftp that could be bruteforced but it seems like a gamble so i wat to try a different route

hello friends , can anyone guide me to start cryptography i am very confuse .

https://cryptohack.org/

yeah i finished its introduction . but got struck at XOR properties .

so this made me thinking should i learn the concepts first or do it along with it course .

so whats your opinion ?

.

Kind people, help me out I'm a beginner in starting cybersecurity and I have eventually discovered roadmaps for learning..
Specifically,
https://github.com/Hamed233/Cybersecurity-Mastery-Roadmap

Is this GitHub repo enough for one to attain cybersecurity or are there easier methods and choices that involve myself learning from scratch instend of having to pay for any courses and books? I'm kinda broke and I'm highly indulged that I wanna learn cybersecurity, also the ones who are in cybersecurity I wanna know where did y'all start just for me to have an idea

How you i see my roles or display them?

you click your avatar

is the premium in THM worth it?

if im wanting to dive in all the way should i go all in on thm im wanting job in cyber sec

i completed the free stuff

Hmm

@lost vapor

We will not help you with this. Read #📜・rules

Big oof indeed

Go away, scammer

Be careful

Hello does anyone have any good recomendations for good tools to use?

Hey guys how's it going

is it possible still to get into cybersecurity by just doing certificates and projects or do you need to have a degree? cause im 20 and am only getting into the field now and i feel like im already super behind.

Hi, good day to you all, I'm new here, i want to learn cyber security as a skill and other hacking skills ethically and I'm willing to learn and contribute to this community and abide by it's rules and regulations, i will be glad if I can find someone to guide me through. Thank you.

#👥・new-member-guide

Hello good day all , I want to learn cybersecurity..

is the premium in THM worth it?
if im wanting to dive in all the way should i go all in on thm im wanting job in cyber sec
i completed the free stuff

Is synchronous ceh on telegram legit

VMware, VirtualBox, or Virtual Machine Manager? 🧐

Personally, I’d say if you’re still new and learning concepts you can get it

But if you understand a lot and want more hands on I’d recommend the hack the box labs

GUYS I WANTED TO KNOW ABOUT THIS CISCO CCST CYBERSECURITY CERTIFICATE COURSE ,,, is it worth buying ? because i want credits for my college ...

@lost vapor @ripe panther

It’s not a bad idea

If you’re going into cyber sec and you need credits it’s pretty decent

i really wnt to get a overview on it could u tell me what is this course exactly about ?

If your school accepts ACE credits or you need a lower division elective

i am actually an ai angr and web dev

man i really dont have idea about ace credits since i am still in my 2nd sem

It teaches how cyber threats work how networks and devices are protected how risk is assessed and what to do when a security incident happens

A lot of it is theoretical frameworks and regulations

so seems like a decent course and the exam for the certificate will be online right ?

Yes 👍

Just make sure you have decent internet so you don’t get blocked on exam day

That happened to one of my friends

My recommendation is you should probably learn about the course before you pay for it

oh shoot

exactly

If you’re set on it watch some 8hr YouTube videos about it make notes the whole time and get familiar with the course content

Then see what some of the previous exams look like

Then pay for the test

i see thanks pal !!

No prob

i saw the course duration and its like 120 hrs + so giving up like 2 hours a day will be good to go?

for 2 months

Yeah you should be fine but those are just guidelines for how long it would take you to read the textbook

You need to understand the content if you’re going into anything networking based

@native quarry i gotch you man the thing is all i care about is the credit and completion for now thank you so much for helping !!

No prob

Im not sure what the issue could be but edit the message and give OS details, virtual box version you installed thatll help people know what youre looking for

My Kali Vm booted in CLI instead of GUI. How do I resolve this

Contact jabber support

Contact Apple support

So i have question ,how to be a better SOC ,i fee like just doing attack to your vm and find the logs is not enough and building a baseline could be tricky specially if u are new in company ,so how to make sure what u flag is really an usual activity or just Baren in HR office downloading random stuff

OOOO this is a good one.
SO lets start out with this.
whats yoru skill/tech exp
how long have you been at the company

I haven’t officially started my first day yet, so right now I’m mainly preparing and sharpening my skills.

My primary focus has been penetration testing and CTFs, but I’ve also been studying SOC analysis through certifications and hands-on lab work. I built my own small lab environment where I attack my own virtual machines and then investigate the activity myself using a SIEM setup with Suricata alerts, firewall logs, and native system logs.

Do you have any IT experience?

I did 2 years of NOC (network), 5 years of systems engineering (all things IT), and now ive been at my company for a yr as a Soc analyst (L2)

Understanding the context around an alert is important:
Understanding how powershell is not really your alert - look at the alert context around it - what happened before and after the powershell was ran (grandparent, parent, child processes).

Understand how windows auth works - this includes file shares kerberos ETC.

Be willing to ask questions of why logs are the way they are and to point out blind spots (not being able to get the right logs)

malware and other nefarious acts will require some understanding of how malicious actors do things (MITRE and killchain) but you seem to be sharp in that area.

Drawing bigger pictures and showing how they connect will really help you excel and grow in the beginning @crisp star any other input?

Is this for a job interview?

@fast night

Ah didn't read the message above you

That’s solid advice honestly. The point about focusing on the context around the alert instead of tunnel-visioning on the alert itself is something I’ve been trying to practice more in my labs. Appreciate the insight,is there a place to improve my skills like some website that focuse on security operarion center skills.

can you share screenshot also which desktop envi u downloaded

A lot of SOC skills is something you learn on the job.

The biggest issue I have with SOC learning platform is that they use logs in an "best case" scenario.

A lot of time, especially during investigation you only have partial logs. 😩

And if you work with XDRs it's very very important you understand the alert name and description.

so like sherlocks with no complete logs to do complete triage

Exacly that my problem ,in tryhackme their logs just easy to detect ,and in your own lab u can figure out what is happening bc u are the attacker and defender in same time so it does not give a real experince,more like cheating ur time

Sherlock is more DFIR. Most SOC jobs don't perform in-depth analysis.

Can you elaborate more on this I really wanna know what actual work is done in SOC jobs

Can agree. And sadly analyst get stuck in this mentality and dont expand thus undetected items can go missed easily

You have either a SIEM with hundreds of use cases that trigger based on certain activity, or you use an EDR / XDR where the security software flags suspicious activity.
EDR / XDR are black boxes so you never know how their detection work exacly.

And some XDRs do funny stuff you don't understand at all lol

i created a lab using the elastic stack
and really thought it would be a good experience but the number of issues created by XDR traumatised me

You are a SOC analyst + Security Engineer at some point 😌

Also creating whitelist and fine tuning the detection is also a big part of being a SOC analyst.

So you also end up learning some query langauges like KQL, SPL and XQL

Also there is a difference between working as a SOC for a company that has their own security team and a SOC who is part of an MSSP.

i used the detection scripts of others and used them directly for my project
Can you tell me honestly do people actually learn these QL or they just know one and make use of ai fro syntax

I've learnt it via documentation since I also have to do threat hunting.

Ohh nice

Documentation is a big piece. Its hard to train most times without the examples. Ive had to learn a good bit on my own and piece together the process

Ummmm…. This is crazy out of the blue. I have a question… Would being able to glitch out of a 180 day locked paypal account Via Xoom be a bug? It’s a time exploit… Paypal doesn’t seem to care, so Maybe it isn’t? Totally locked account just had the entire locked amount(nod ya head.. sorry) wired to them via Xoom.

I just give junior SOC analyst a ransomware incident jkjk

Tell them it should be a quick close lol

IT may be the report itself. @steady palm or @prime plover any input on this one?

If a ransomware group breaches you, you have about 30 minutes to contain them before encryption starts.

Maybe 15 if it's Akira

so i guess just escalate?

make it the issue of seniors

Escalation is part of the process.
You probably have to make the decision to disconnect all DCs from the network.

Are L1 given that much privilege?
I thought the juniors dont have that much power

That's why communication is one of the most important skill set as a SOC analyst.

Thats one you better truely understand why youre taking it offline.

Probably not. That's why we don't use these tiers.

Even if youre remote

Looks like i should get a internship this summer

Every SOC analyst is basically capable of doing Incident Respond to a certain degree.

Do companies have REs for scenarios like this?

They should be. They learn by asking follow up questions from the SR people that handle the cases and ensure to follow up. Blueteaming can suck at times but its interesting across the board and you get to learn a good bit if you choose to be passionate

RE - rules of engagment?

yes

like the IR booklet
i really dont have knowledge of the common terms

Typically youll have dos and donts passed by clients (if youre an MSSP) and if youre an internal team there are structures that should have SOPs in place

Yea. We have something called Cybersecurity Standardized Operating Procedures.
Depending on the severity or actions we have to take, we are basically allowed to isolate servers, users and clients without approval of the customers if we consider it necessary.

Did you ever encounter customers that created issues like legal actions for performing isolation actions or something?

Don't think so. And it's probably not something we are ever going to hear about since it's not our job to bother with legal stuff.

Thats usually a "contract" discussion. Depending on the env you could exp fines/charges but most times starting out you wont have access to isolate OR will be told not to without approval.

We have procedures and we stick with them.

SOP's and documentation in the ticket (every detail and time stamp)

ohk

As a SOC, you are just a ticket monkey most of the time

https://tenor.com/t9C32WuMSMo.gif

Do people hire people for these jobs remotely
I wanna be an intern but got rejected from my university
they saying i cant apply to anything cause i wont be able to spend more than two months at the company

Isnt that fun

i really imagined it to be enjoyable work

I work remote but i also have EXP in the field that they would trust me to work remotely

There are benifits to working in the office JS you get to pick peoples brains easier and see more

It depends. You have to be careful not getting into an alert fatigue.

Me right now.

Yep this is the gold benefit im seeing

At least in my company, we have 1 month where we do tickets and then you switch to a role where you don't have to do tickets.

Looks like i dont have any other option than waiting

thats so good
one could explore more domains with this

anyone good in full stack and system design