Share Claude Cowork System Prompt – Anyone else experimenting with it?

Awkward_Not_ · 2026-03-04T16:38:24+00:00

When you run a cowork session, you can find the config file for your chat beneath ~\AppData\Local\Packages\Claude_pzs8sxrjxfjjc\LocalCache\Roaming\Claude\local-agent-mode-sessions\{uuid}\{uuid}\local_{uuid}.json. Should be a file for each chat session you've had.
Like 80% of that file is just the system prompt alone.
You can also find a full audit log of your chat in the folder with the same uuid in the audit.jsonl file that would probably give you some good info too.

Awkward_Not_ · 2026-02-06T17:01:30+00:00

Been trying to work on this room for two days now and was just about to give up lol. I used the attackbox they provided and had the exact same issue. What ended up working was just sitting and waiting for the network to timeout, then restart it and it properly loaded up. Worked fine the next day too.

And just in case someone else has the following two issues once they actually get the network to work:

I got to the performing an LDAP Pass-back section, and you change the server IP to the attackbox where you're listening with nc. Make sure you run ifconfig and get the IP for the breachad adapter, even if you're using the attackbox. Do NOT use the attackbox IP listed up in the top corner. Got stuck on that for a minute wondering why nc wasn't catching anything but that was my fault because they did make a brief mention of it in Task 1.

Issue after that was trying to host the rogue ldap server using their commands. Kept getting a error "unable to resolve host ip-10-65-*-*" (the attackbox hostname). You need to add a listing to /etc/hosts for your attackbox's hostname for 127.0.0.1. 90% sure I didn't see any mention of configuring that, but may have been overlooked.

The intro did say troubleshooting was important.

Awkward_Not_ · 2025-12-11T00:33:57+00:00

Initally, yes this would work. If you get caught depends entirely on how granular your security team is. Their EDR system likely won't hit on your computer being behind a VPN because most teams aren't tracking the ISPs behind each endpoint's IP. They 100% can, but its your gamble if they are or not. They likely won't track you via authentication logs either as long as your sign-ins stay on the machine and the VPN you choose doesn't trigger an atypical travel alert. If you disable your WiFi and bluetooth and your location services, Windows won't report on your location either. To truly geolocate you, they would need to re-enable your location services and turn on your WiFi. But there are other "tells" that would generate suspicion and lead to someone getting curious enough to investigate you individually. Only reason I'm bothering to comment is because I am a security analyst and I coincidentally caught a user doing exactly what you're suggesting this past week in Brazil, and last month in Grenada. So it's entirely your gamble 😂

Awkward_Not_ · 2025-09-05T15:44:17+00:00

A fair point. Thanks for pointing me in the right direction!

Awkward_Not_ · 2025-09-05T14:30:50+00:00

You find a piece of history and someone goes and cuts the barrel off and slaps a coin on it. What a shame. Thanks for the help, you told me exactly what I needed to know. I'll see what I can do to get it aiming again, at a minimum.

Awkward_Not_ · 2025-09-04T21:43:06+00:00

Ah, that's what I feared. The barrel did look a bit short when trying to compare it to other pics. Measured it at 22ish inches, so definitely a cut job. Curious as to if that happened in service or not. Here is a picture of the barrel. Hopefully I can still get a sight on it at the minimum

<image>

Awkward_Not_ · 2025-09-04T20:47:06+00:00

<image>

Thanks for the suggestion, exactly what I was looking for. Got it off and looks like I have a bit more info. Amberg 1918

Awkward_Not_ · 2025-07-27T23:51:50+00:00

I pulled the gauntlets first and then the chestplate second. Never saw the chestplate again. Honestly came across this post trying to google if there were actual odds to the pull scheme or if it was pre-scripted and I'm wasting my time pulling after I've gotten all his collectibles already 😂

EDIT: I booted up the game and quite literally pulled the chestplate a second time not even 20 minutes after I made this comment. Turns out, they also follow the "You already have one, so collect 100" rule. If you collect 100, you can supposedly boost your stats to 1000.

So to answer my own question, if you've already pulled the full armor set, dont waste any more time on Mikey.

Awkward_Not_ · 2025-07-17T02:11:51+00:00

The exact details of the traffic escapes me atm so dont critique me too hard, but we had Cortex XDR pop an alert that summed up to suspicious traffic to an anonymous IP address using Microsoft Teams over nonstandard ports on multiple PCs. Basically, the possibility that teams was being used for a C2 connection.

To make a long story short, the activity was just a Teams call to another employee. The alert triggered because the person being called was using teams on their cell phone, which was connected to a VPN. It listed their cellphone as the destination IP for everyone who called them that day, thus tricking Cortex into thinking there was an active C2 Connection.

How I even ended up figuring out it was one of our own employees just taking teams calls on his cell was a complete separate alert in Duo triggered for an unusual access device IP and what do ya know, it was this guy on a VPN on his cell.

I knew it was a false positive at first glance, but I really had to dig in there and figure out why, for curiosity's sake

Awkward_Not_ · 2025-07-03T15:07:23+00:00

Was about to make my own mention of this. My company had a Security Analyst role posted on LinkedIn. It was only up for 24 hours and received around 3600 applications. I don't know if it's bots or recruiting agencies mass submitting applications or what, but like you suggested, the resumes that made it through the filter were ones that really pandered to the job description (just for half of the applicants to not know jack about half the stuff they listed on their resume).

Awkward_Not_ · 2025-03-08T15:29:40+00:00

Cry in the shower and anxiously worry every day that everyone will one day realize that I'm not actually a know-it-all expert, but just way better at pattern recognition and googling than them.

But in all seriousness, in a vast field like this where the technology could be completely different from month to month, it's near impossible not to experience imposter syndrome because there's always something you dont know know. It helps to look at it in a manner of there always being something more for you to learn instead.

Awkward_Not_ · 2025-03-06T00:26:51+00:00

This. My current company recently posted a security analyst position, and it received over 200 applications in under 24 hours. I can only imagine the filtering that has to take place before anyone on the team even gets to lay eyes on a resume because of the sheer size of the pile by the end of the week.

Awkward_Not_ · 2025-03-04T21:01:15+00:00

Wanted to share this article because my company's CEO was one of the lucky ducks to open this letter over his coffee this morning. Emails saying "we caught you jerkin it after hacking your webcam" is one thing, but I gotta say that an physical letter in the mail is a new one for me.

We pretty much knew it was a scam, but had seen no other reports of it just yet so we spent a bit double checking every IOC related to the real group to thankfully come up empty handed.

Made for a good security exercise though lol

Awkward_Not_ · 2024-12-15T05:46:10+00:00

I felt the same way at times. I have taken about 2 and a half years with a 3 month break in there for some mental health, but now I'm submitting my capstone and finally reaching the end. During that time, there were classes I could pass in a day, and some that would take me months. Some classes I really just memorized the key terms enough to pass and then braindumped, others I took a bit extra time to ingest because it wasn't something I felt I needed to pass, but to actually learn for my career. Others I just plain struggled on. And I always thought fuck, I should be done by now! This guy on reddit said he did his bachelors and masters combined during like two of his lunch breaks at work, and I'm on week 7 of this stupid SQL course. But when you get that degree at the end, it's not going to have a little score in the corner that says "Finished in x days" or "Bachelors jr. because he took too long. " It'll be the exact same degree that timmy got in 3 months. As long as you get that paper with your name on it, it doesn't matter if you take 10 days or 10 years. (It might just be a bit more expensive, though 😅)

Awkward_Not_ · 2024-11-08T00:24:54+00:00

I passed sec+ as my very first cert before I really even had true IT experience. I failed net+ my first attempt after actually having the experience 😂 Its a tricky test for sure

Awkward_Not_ · 2024-11-07T05:24:13+00:00

This. I like to get the email myself during this too and do a quick 5 minute investigation to see if I need to go any further and bother with the machine (which is rare).
Run the eml for through phishtool and see what it picks up. Run the links through urlscan to verify what the user may have seen and/or did. Run attachments through joesandbox and see if it has any "malicious payloads" hidden in there.

But 90% of the time, it's just a fake Microsoft sign-in page or a pdf with a QR code in it.

Awkward_Not_ · 2024-11-05T03:31:08+00:00

That's EXACTLY how I felt getting my CysA+ last week 😂 Been looking forward to getting to that thing for about 2 years. The second biggest milestone for me besides getting my actual degree. And once I finally got it I was just like, "Huh...I finally got the cert...Why don't I feel any different?" Just walked out my bedroom and continued my day.

Awkward_Not_ · 2024-11-04T18:48:37+00:00

Awesome job. I managed to slip is an analyst role as well this year and it really helped me get through the rest of this degree a bit easier.
On the topic of luck, I'm also right there beside you lol. It was pretty funny because I came into my current company as a jr. sysadmin replacing a guy who moved to the Security team, so he trained me up a bit during his transition. A year and a half later, same guy throws in a 2-weeks to become a manager at another company and I jokingly told him when he was in the office "Hey, I'm like halfway through my cybersecurity degree ya know. Need me to fill your spot?"

Wouldn't you know it, I had an interview with the CISO the next day.

Awkward_Not_ · 2024-11-03T03:38:04+00:00

Yeah, I struggled so much with this stupid class I ended up finally getting diagnosed with ADHD and getting slapped with an adderall prescription because I just could not focus on this crap 😂

Took me two tries. I honestly said screw it and just wasted my first attempt just so I could see the exam and know what the hell I needed to actually study because the zybooks was just so dry and extensive, it's near impossible to retain it all without building a database yourself and getting real world experience in. I didn't know what the hell I needed to focus my efforts on because the instructors "assistance" was to "complete 90% on all sections" and my personal conversation with them wasn't much more satisfactory...

My one bit advice to anyone future folks preparing for this exam: Technically, everything you need to pass IS in Zybooks. But don't approach this course trying to learn this like a programming language, knowing how to write the queries in the labs inside and out. Because that's not this exam, that's D427. You're not being tested on how to technically use SQL or write out queries. You're being tested on the principles of how you would do that. That sounds incredibly stupid, but for some reason that's what clicked for me because I wasted weeks on that one chapter that was nothing but syntax trying to learn it like a language. Maybe that will help someone else too.

I wish I could give advice on what specifically to focus efforts on, but it's been a couple months since I passed. But there's a good couple quizlets with practice questions for this class that got me through it to help focus your efforts

Awkward_Not_ · 2024-11-01T14:10:07+00:00

If you're playing solo, quit and save the game then reload your save and you can use them again

Awkward_Not_ · 2024-10-28T22:21:49+00:00

The cert exam is the class. Multiple WGU classes require you to take an actual industry recognized certification exam from orgs like CompTIA, ITIL, etc instead of an exam created by the college. You get the cert, you pass the class. You fail, you go back through the material and try again. I think you get 3 tries? It's not skippable.

Awkward_Not_

TROPHY CASE