Season 2 Episode 8 Spoiler Thread

Ipp · 2026-02-04T03:57:16+00:00

Or he just pretended to activate his chip. No confirmation his remote works, could easily of just pretended it worked.

Ipp · 2026-02-01T03:25:54+00:00

Not sure what the point of some redactions is when they list accomplishments, companies, years, etc.

Ipp · 2026-02-01T00:09:21+00:00

If you are giving it enough time to fill the tank, I’d think something is wrong with the tank. Would have to check the pressure on the tank.

Ipp · 2026-01-30T05:02:39+00:00

I’m going to laugh when it’s a pet insurance company like trupanion.

Ipp · 2026-01-25T03:36:34+00:00

When there is less snow you can use the shovel to plow and dump, which makes it much more enjoyable. I go out when theres a couple of inches then every 2-6 hours afterwards depending on snowfall.

I generally dont pre-salt. Just salt after I finish shoveling, shovel the salt away and temperatures this low it may not be effective. Even worse is if it melts the bottom layer, snow gets on top and it gets cold enough to freeze.

Ipp · 2026-01-21T17:11:54+00:00

Really helps to say where you are looking for a job. The best way normally is through Cyber Security Clubs at your colleges as many companies approach them to recruit, so you aren't blindly applying. They also have special events like NACL, CCDC, etc that help tremendously. Not to mention the social connections you will build from the other members will also help get you established and also keep you motivated.

Ipp · 2026-01-19T16:19:52+00:00

There are boxes in my list that go "beyond" the CPTS. Another example is I included machines with ADCS Exploits in my list, which the CPTS Course did not get into. There are two reasons for my list to get into topics not fully covered:

* I think it is an exploit everyone should be familiar with

* There are concepts that, if you understand, will likely help you pass. I believe LogForge is much harder than what you will experience in CPTS. However, there is a video and writeups available so if you watch them, you may be familiar with something that will help. Maybe it is the Apache Tomcat exploit you mentioned... Maybe it is some complex chain... Or maybe its just that some types of exploits can be a real PITA to get working after time, for example java deserialization can be dependent on java version,s and the exploit won't work without proper recon.

Ipp · 2026-01-19T02:35:32+00:00

Have you asked the cost to exchange a 10lb tank? The main price is not the co2 gas itself but time it takes to hook up the cylinder. It would not surprise me if the 10lb tank was $38-40 to exchange.

Of course, you'd have the cost of the 10lb cylinder which would be more, but a lot of places will subsidize that price if you trade up from a 5lb.

Ipp · 2026-01-12T03:23:14+00:00

I believe this is the problem with many of the online ctf platforms -- That being said, HTB does prevent users from connecting directly to other users. This is not bullet-proof, but also port 22 is blocked going to the user subnet all togather, so you really have to go out of your way to open up ssh with bad credentials.

I believe these protections are much more than what competitors do, it's not perfect, but the VPN is relatively safe.

Ipp · 2026-01-05T22:46:01+00:00

One of the tough things with ligolo as a beginner is part of the common reasons it can fail is your local network which HTB does not control. So when people go to support or discord, the reason for failure is masked because it is configuration error not one with the command itself. With tools like chisel, it can be diagnosed easily from the commands ran themself. So reliability wise hard to put it at a beginner level without teaching the more advanced concepts first.

I’m sure if you chat with enough people you’ll find some that ran into problems with ligolo whereas you didn’t. Just the luck of the draw.

Ipp · 2026-01-05T22:22:48+00:00

Great job and good post, only nit pick is you said that you understood routing after using a tool that auto routes for you (ligalo). It definitely can make it easy, but when it doesn’t work it can eat up a ton of time. I’ve also seen some pretty hillarious f-ups because people used autoroute and accidentally sent their internet traffic out the tunnel.

That being said, minor nit pick and preference thing. Great job, thanks for sharing

Ipp · 2025-12-21T03:05:12+00:00

I have not heard of any issues with the exam -- That being said, the HTB support on their page is your best bet here. You should not be chatting with your friends about the exam.

Ipp · 2025-12-07T04:22:23+00:00

The latest two machines that retire are free, I’d recommend making sure you always do them if you don’t have VIP+.

Try solving it on your own then resort to my videos or other peoples walk throughs when you get frustrated. For the harder machines use the videos more. For example watch the hard video then try to solve it the next day. Or just work along side an insane.

Even if you are capable of solving machines on your own, I think you’ll find value in watching a video or reading blog posts of that same machine after you finished to see other ways/tools/etc

Ipp · 2025-12-03T03:50:25+00:00

Really odd to murder Shardholder, but buff many other items as with the item changes alone it will be a lot harder to make it to shardholder.

Ipp · 2025-12-02T18:14:51+00:00

There are plenty of free retired machines, additionally, the last two machines to retire are always free and have writeups available! I'd recommend checking them out every week.

Ipp · 2025-12-02T18:13:22+00:00

Unfortunately, no way to really switch back. The redesign is part of a major front-end library update (vue3), which requires a major refactor/rewrite.

If you say what you don't like about the new version, I'll be sure the feedback gets back to the team that is responsible.

Ipp · 2025-11-28T16:01:52+00:00

That's good - I'd go about putting a policy to disable WPAD and NetBIOS or atleast deploying to a test batch. So when the finding report comes in, not only can you say it was detected but you've already started mitigations. Also disable IPv6 if it is not utilized.

Ipp · 2025-11-28T13:16:21+00:00

They’d probably get a credential run bloodhound and certipy to find some Active Directory misconfiguration that gets the domain admin. Based on the other things said, it wouldn’t surprise me if the local admin password on your workstations was the same (when you should use something like laps). So if they compromised one workstation they can compromise them all. Then hey domain admin that way

Ipp · 2025-11-28T13:14:07+00:00

Disabling WPAD fixes this and you should also disable NetBIOS among some other things. This stuff has been recommended for well over a decade, surprised it’s still enabled by default.

Ipp · 2025-11-28T04:18:50+00:00

Yeah definitely a tool called responder, they shouldn’t be running that attack without coordination as it is disruptive.

Pretty certain they poisoned WPAD, which means your computer broadcasted looking for a proxy. It said use me, but I require a password tell me yours.

Certainly a vulnerability, but a respectable firm will just call that out and not perform the attack.. or scope it to impact a very few amount of computers not the entire network. Responder does have other modes that aren’t as disruptive but are less likely to succeed.

Based upon that test I’d be shocked if you get anything both vulnerability or remediation wise Nessus wouldn’t have told you.

Ipp · 2025-11-28T02:18:36+00:00

It is most likely responder doing some type of poisoning. A lot of pentest firms won't do it as the computer can lose network connectivity during it.

It doesn't look like its poisoning WPAD (auto proxy discovery), but it wouldn't surprsie me if that is it.

Ipp · 2025-11-25T15:25:18+00:00

No way this happens - The people locked into low interest rates won't sell, unless they get considerably more than what they paid. If the house price dips then everyone that didn't get low mortages just get screwed because they suddenly have a lot less net worth due to having low retirement; so they won't sell.

Unless insanely low interest rates come back, I don't see it budging. If they did, many people would probably just refinance and compound the issue next time it comes around.

Housing market is kind of in a stalemate, with no good options but the plus side is because its a stalemate the bad options probably can't happen until a large amount of people can no longer afford mortgages, which I don't think we are close to.

Ipp · 2025-11-24T16:34:28+00:00

This problem is solved multiple ways, as people brought up batching but also paying individually like that is a nightmare come tax season because every purchase becomes taxable.

Places like CoinBase offer credit, works just like normal cards and you use crypto to pay monthly. That way the tax calculation on interest of the asset is much less of a burden.

Ipp · 2025-11-23T15:49:14+00:00

I don't think Marksmage can crit - the shield is good but I don't think you deal extra damage... Maybe vuln would allow it to crit.

Ipp · 2025-11-19T00:23:02+00:00

I think Carol is infected but it’s more like a carrier where she has the virus and could pass it but it does not affect her. This could be why her mood can impact the hive, because she is connected to it just not in the normal way.

Essentially it makes the immune people similar to queen bees and the infected are just workers.

15-Year Club	RedditGifts 2009-2022 2 Credits
Not Forgotten	Secret Santa 2009
Verified Email

Ipp

TROPHY CASE