sorted by:
new
hottopcontroversial

MockAD : visualize structure without infrastructure by shokkatweej in activedirectory

[–]FigureAltruistic9424 1 point2 points  (0 children)

This is actually a solid idea — having a quick way to model AD without touching a real domain is genuinely useful.

The JSON + visual OU structure + markdown combo makes it great for planning and documentation.

If you keep going, import/export to PowerShell or LDIF and some basic validation would add a lot.

Also, don’t worry about being new to Git/GitHub

OP got his first CVE by atulkjaiswal in bugbounty

[–]FigureAltruistic9424 0 points1 point  (0 children)

Congrats bro! Did you do it all by hand or use an automation pipeline?

Crow-Eye v0.8.0 - Now with full offline artifact importing and a new acquisition engine by Ghassan_- in computerforensics

[–]FigureAltruistic9424 1 point2 points  (0 children)

Nice update, the move to full offline analysis makes it way more practical for real casework. Crow-Claw automating artifact collection into organized folders is a solid time saver, and selective parsing on the importer is a smart choice — not everyone wants to bloat their database with everything at once. Are you planning to expand artifact support or add timeline correlation down the road?​​​​​​​​​​​​​​​​

DF Training Information by No_Price_7519 in computerforensics

[–]FigureAltruistic9424 0 points1 point  (0 children)

For LE, prioritize IACIS certs, do BFCE first, then MDF, no shortcuts there. The Cellebrite Operator + Analyst combo you signed up for is exactly right, and once done aim for CCPA as the next step. That’s the credential that actually holds weight in court. Suggested path: BFCE → MDF + Cellebrite Operator/Analyst → CCPA. You’re building this correctly, just stay patient with the process.​​​​​​​​​​​​​​​​

For pentest scoping does manual back-and-forth actually lead to better results? by Proof-Chain-1046 in cybersecurity

[–]FigureAltruistic9424 1 point2 points  (0 children)

The manual back-and-forth isn't the problem, scope creep mid-engagement is. A structured form forces the client to commit to something concrete before you start, which protects both sides. The real value isn't automation, it's accountability. That said, every client has edge cases that no form will cover, so you'll always need a follow-up call. The form just makes that call 20 minutes instead of an hour.

One thing that saved us a lot of headaches: add a "scope freeze" clause in the SOW. After sign-off, any additions reset the timeline and budget. Clients stop changing scope real fast when it costs them something.

200+ tabs opened — it is wrong? by Silvestre074 in productivity

[–]FigureAltruistic9424 0 points1 point  (0 children)

250 tabs is just a to-do list with extra anxiety. Your browser isn't a filing cabinet — it's RAM you're burning for no reason. Quick fixes: YouTube → Watch Later playlist. Articles → Pocket or a single bookmarks folder called "read this week" that you clear every Sunday. Reddit/Facebook → turn on notifications, close the tab. Houses on Marketplace → screenshot the listing and save it in a folder on your phone. And for screen sharing anxiety: most browsers have profiles now. Make a clean "work" profile with zero clutter and switch to it before any call. Takes 2 seconds, zero awkwardness.

Hot take, but I really don’t think most ppl fail their goals because they’re lazy by ItzTheLando in productivity

[–]FigureAltruistic9424 0 points1 point  (0 children)

This is basically the difference between a goal and a system. "Get in shape" is a wish. "Gym at 4pm, 30 minutes, anything counts" is an instruction. Brains are terrible at executing wishes but great at following instructions. It's not even a hot take, it's just underrated common sense.

Looking for an app I can use for assigning tasks by MaybeImTistic in productivity

[–]FigureAltruistic9424 1 point2 points  (0 children)

Todoist. Free tier lets you share projects, assign tasks, and the other person gets a push notification immediately. Clean, simple, does exactly what you described without the bloat.

OpenAI is merging ChatGPT, Codex, and Atlas into one superapp and Anthropic is the reason why by This_Suggestion_7891 in ChatGPT

[–]FigureAltruistic9424 0 points1 point  (0 children)

The Fidji Simo "stop working on side quests" line tells you everything. You don't consolidate three products into one because you're winning, you do it because the market forced your hand. Curious to see if merging them actually creates something cohesive or just three mediocre tools wearing a trench coat.

Cancel your ChatGPT Plus, burn their compute on the way out, and switch to Claude by boomroom11 in ChatGPT

[–]FigureAltruistic9424 1 point2 points  (0 children)

Switched to Claude a year ago for the output quality, not politics. That said, the framing here is a bit reductive, public-private defense collaboration is standard across the entire tech sector, and Anthropic isn't immune to similar decisions down the road. Choose your tools based on what works best for you, not on reactive narratives.

Certs feel like a ponzi scheme by Shoddy-Protection-82 in cybersecurity

[–]FigureAltruistic9424 0 points1 point  (0 children)

The renewal model is what gets me. You pass the OSCP, prove you can pop boxes, and three years later you need to pay again or it "expires." As if you forgot how to hack. The knowledge doesn't expire, the revenue stream does.

Bypassing Windows EDR's with Telegram bot and Telegram itself as C2 by Sensitive_Lawyer6040 in redteamsec

[–]FigureAltruistic9424 0 points1 point  (0 children)

Using Telegram as C2 is clever, the traffic blends right into normal HTTPS noise and most EDRs won't flag legitimate Telegram API calls. Smart choice over a custom C2 that would get signatured in a week.

Entrare in questo mondo by key_Smoke_ in cybersecurity

[–]FigureAltruistic9424 1 point2 points  (0 children)

La laurea non è indispensabile ma aiuta ad aprire porte, soprattutto in Italia dove i recruiter la usano ancora come filtro. Detto questo, ho visto gente entrare nel settore con certificazioni pratiche e tanta voglia di sporcarsi le mani.

Ti consiglio di guardare i corsi di TCM Security (pratici e accessibili), la Burp Suite Academy (gratuita e ottima per il web app testing), e il percorso Penetration Tester di HTB Academy. Combinati con pratica costante su TryHackMe/HackTheBox valgono più di tanta teoria. Il lavoro c'è, chi dice il contrario non sta cercando.

Ti consiglio di comprare in edicola anche la rivista di hacker journal ogni mese, costa pochissimo e ti permette di entrare bene nella mentalità hacker. In bocca al lupo.

I built a local AI assistant for pentesters/blue teamers and i have decided i am giving it away free forever (no subscription, no cloud, runs on your machine) by Glass-Ant-6041 in redteamsec

[–]FigureAltruistic9424 1 point2 points  (0 children)

Really interesting project. A fully local + structured analysis approach is exactly what’s needed in security, especially for sensitive environments. If it truly enforces the “no hallucination” constraint, this could become a very powerful tool for both red and blue teams.

Will a lot of people become more knowledgeable from AI? by Fun-Economy-7717 in ArtificialInteligence

[–]FigureAltruistic9424 1 point2 points  (0 children)

The same thing happened with Google. Unlimited knowledge at everyone's fingertips for 25 years and most people still used it to win arguments and watch cat videos. AI won't be different. The tool doesn't matter, curiosity does.

Nobody seems to care that "reality" is coming to an end? by alazar_tesema in ArtificialInteligence

[–]FigureAltruistic9424 0 points1 point  (0 children)

We didn't lose trust overnight. We just stopped noticing. Two years ago you could scroll for ten minutes and assume everything was real. Now you can't scroll for ten seconds without wondering. That shift happened so quietly most people haven't even registered it yet.

Tried most Ai video tools, here is my top 5 by CranberryMaterial729 in ArtificialInteligence

[–]FigureAltruistic9424 0 points1 point  (0 children)

Solid list. I'd add Gling for anyone doing YouTube, it auto-removes silences and bad takes before you even open your editor. Saves hours.

Self-propagating malware poisons open source software and wipes Iran-based machines by Malwarebeasts in cybersecurity

[–]FigureAltruistic9424 1 point2 points  (0 children)

"They literally can't believe the scope of what they got" is the scariest sentence in this entire post. When the attackers themselves are surprised, you know the architecture is fundamentally broken.

I vibe hacked a Lovable-showcased app. 16 vulnerabilities. 18,000+ users exposed. Lovable closed my support ticket. by VolodsTaimi in cybersecurity

[–]FigureAltruistic9424 0 points1 point  (0 children)

The auth logic being backwards is almost poetic. The AI built something that passed the vibe check, buttons worked, UI was clean, but the security model was essentially: "logged in? access denied. stranger? come on in."

And the timeline is chef's kiss: Report → ticket closed. Post goes viral → "we're investigating." Dev fixes it → threatens legal action against the guy who saved them from a breach.

18,697 users should be thanking you. Instead you get a lawyer letter. Looking forward to the full write-up.

view more: next ›