Zwei #TryHackMe-Räume weiter möchte ich gerne schreien. WIESO ist das so einfach, ein schrottiges #Win7 zu übernehmen? Inkl. alle Passwörter dumpen, ein goldenes Kerberos-Ticket ausstellen, Zugriff auf Kamera und Mikrofon und überhaupt alles? Ich weiß ja, dass die THM-Räume absichtlich so eingerichtet sind, dass Dinge gehen. ABER DAS SOLLTE NICHT SO EINFACH GEHEN! im Kreis renn#ITSec#ITSecurity#ITSicherheit#Windows#Hacking
Och menno. Arbeite grad noch ein paar #TryHackMe-Räume nach, wo ich während des Kurses noch Schwierigkeiten hatte. Den einen mach ich grad zum vierten Mal. Zuletzt hatte sich grad die AttackBox aufgehängt, als ich endlich im Targetsystem drinnen war. gnarf
sigh ... this is honestly sad. Today's #AOC2023 task is pretty fun, particularly for developers. It's also entirely inaccessible due to how it was set up and, as usual, could have been completely 100% doable with some super minor tweaks, which untimately come down to "allow people to bring their own tools". In this case, it would iterally involve adding one, single, link to a download instead of locking a file inside a VM only accessible over RDP. Don't get me wrong, it's great that it's an OPTION to do stuff in the browser. It's not great when it's the ONLY OPTION, and I see so many learning platforms fall into this trap. Today's video is going to be an interesting project #cybersecurity#accessibility#infosec#tryHackMe#advocacy#MightNeedToStartBreakingFingers
ooh, log analysis for #adventOfCyber today. Unfortunately the default setup is not #accessible for #screenReader users. There's a way to hack around this, it is outside the scope of the room but will be required if you are dependent on a screen reader. I will show this off in today's video, just performed the proof of concept to make sure it's doable :) @RealTryHackMe#infosec#cybersecurity
Day 7 of #TryHackMe#AdventOfCyber 2023 with a #screenReader, wherein I have to hack the system before I can hack the system :) THis one was initially not #accessible but we were able to pop a shell and make it see reason. That I had to do this isn't good, and I hope that me documenting this in this way will show off how disruptive this kind of thing is, and how easy it can be avoided. This one's a tad longer than the others because of this, as well. https://www.youtube.com/watch?v=sq_ZVbBsfRk
Please note that the videos are still processing and therefore may not have subtitles yet. If the autogenerated ones are really bad, which wouldn't surprise me, I have infrastructure in place to do better, just let me know if it's a blocker for you and we'll sort it out. I really hope the #infoSec community as a whole can learn from this, and that it paves the way forward for better #accessibility for these kinds of challenges going forward. I'm not asking for too much here, it's about time this industry moves into the 21st century where this is concerned. Let's make it happen! :)
Basically, the idea is that I go through the #AOC2023 tasks with a #screenReader, make sure the content is #accessible for as many viewers as I can. That means I narrate what I'm doing, the screen reader is audible when required, and the screen reader output is also visible on the screen.
Subtitles and transcriptions may not be up yet by the time this goes live, as it takes a minute for the autocaptioning to catch up. If it turns out these are really, really bad, which is possible, I will transcribe the videos myself using Whisper and make sure they get added to the videos.
My aim with these videos is to show off the accessibility issues that exist, point out easy fixes to them, give people who are curious about this field an introduction they can actually consume in a way that works for them, as well as just create awareness that we're here, we're not leaving, and we'd like to be part of the conversation #inclusivity is pursued.
Any feedback is, of course, more than welcome, and I wil incorporate it in videos going forward. #blind#InfoSec#cyberSecurity#hacking#contentCreator
Here we are with day number five of the #TryHackMe Advent of Cyber 2023 #accessibility showcase. This task was ...NOT accessible, but honestly I really can't blame them too much given it had to do with messing with an old DOS emulator. A bit of AI, OCR and a miniscule amount of cheating got us through it though :) Crying shame about the no soundcard over RDP thing though guys, fix pls :P https://www.youtube.com/watch?v=MVaTC2dTdRY#cybersecurity#infoSec#AOC2023
Here we go, with day 6 of the TryHackMe Advent of Cyber 2023. This time we covered buffer overflows in a way tat was, unfortunately, not at all #accessible as they built themselves a little game. A game that, if my eyes don't deceive me, I've seen before last year :P Neverthelss through some sleuthing all questions were answerable, with number six on the video playlist as a result :) https://www.youtube.com/watch?v=G55paQS24Jc#screenReader#accessibility#tryHackMe#AOC2023
Very new to Mastodon and still figuring out how to accomplish things that the other social network allows you to do with one button. I'd still rather be here though! #tryhackme
I am currently doing the #SecurityEngineer pathway at #tryhackme .
Am I the only one who thinks that #windows is just a huge mess? Everything is hidden behind 3 different apps and nothing is readily available and machine readable.
It gets even worse because they decided to translate the settings, so depending on your language settings it gets increasingly difficult to find what you want.
Geschafft. Windows hat diese Wohnung jetzt wieder verlassen. Danke #TryHackMe für den Reminder, warum ich Microsoft-Produkte vermeide. Und jetzt mach ich Feierabend.
I'm gobsmacked by how many "privacy", or in this case where you would expect people to be most private, things requiring you give up a legitimate, potentially identifying, phone number. What in the ever loving fuck?
Guess I won't be getting any help from THM/Discord.
I suppose as an aspiring "hacker" I should know how to spoof that but still...principle's errr something.
Guten Morgen aus dem Lesesessel. Mein Kalender hat mir wohl einen Streich gespielt, der Kurs heute stand ab 11 und nicht wie sonst ab 14 Uhr drin. Upside: Ich hab noch etwas Zeit, um die letzte Woche nachzuarbeiten. Puh! Habt alle einen schönen Tag und denkt ans Wassertrinken!
Is #TryHackMe a good resource to show you're trying to learn cybersec? As in do hiring folks give it much weight?
I've been trying to find a job for ages and having been at my current not so technical job for 10 years I'm looking crusty. I need some way of showing I'm both up to date and continuing to work at it.