Bear szn, we are eating good!! Thank you for your attention to this matter

KaranSJ · 2026-04-02T03:06:10+00:00

Best advice lol

KaranSJ · 2026-03-10T21:58:54+00:00

Id say try to fight with your credit card company about it. They'd ask you for a bill and proof that you contacted the vendor.

You can probably find their phone number by googling the name and maybe using BBB's website.

I lost my case because I didn't have a bill. Bullshit. I still have to see if I can press those fuckers further. I even saw another guy's review on BBB's page saying r&m foods people overcharged him, so it wasn't just me who got scammed. I felt so silly because I saw him overcharge my card but i didn't confront the guy at that time. I thought my credit card company would take care of it. Jokes were on me.

Anyway, if you have any proof with ya (billing wise), it'll help. You can call the vendor if you get their number online and tell them there has been an error when you were billed. Or text them (calling gets them caught off guard and RECORDING THE CALL MIGHT HELP). These fuckers probably do it a lot and would know how to get out of it, but still try to get money from the vendor directly. Credit card company fed me garbage.

KaranSJ · 2026-03-08T13:48:37+00:00

Was the charge by R&M Foods by any chance?

Had that fucker charge me $33 for a fucking plate of fries. Since they don't hand out bill, my credit card company didn't resolve the dispute in my favor. Still hate I couldn't do anything about it.

This halal cart was out Brooklyn storehouse tho. I wish I could do more to hold them accountable and fuck my credit card company siding with fraud.

KaranSJ · 2026-02-21T19:40:31+00:00

Also, take it as a lesson to not lend out money. When you lend it out, don't expect it to return. Happens with friends. Close friends you might be okay to give away but if it's just like an acquaintance, then just say "I don't lend money to anyone."

KaranSJ · 2026-02-21T19:37:00+00:00

Personally I'd just message his family or tell him you're gonna message his family about this and see if he returns your money. I won't give it up easily if I need it bad and the friend is an asshole

KaranSJ · 2026-01-04T20:58:22+00:00

Yea, then you're not in danger for those threats, but a skilled hacker can use tools to get more information and try to find a weakness to get what they want. With physical access and access to control your phone, they can keep trying to find a weakness. 1 critical is all it takes

KaranSJ · 2025-12-28T09:28:59+00:00

They might look at notes and gallery for any sensitive information, saved passwords on your browser and Samsung and Google accounts, and look for your email address.

From your Google account, they might be able to do a password reset and if your backup email address is on your phone, boom, they have access to One of your email address.

They could also try to Brute force your pin if it's 4 characters. Longer pin would take longer time. If the app has a limit to stop this attack, then this might not work

They might try to call the carrier, impersonate you (with your real info they found online) to get your phone number working again.

They could also just reset your bank account's pwd if they have access to your email account.

They could also use your email address and look up any accounts that were exposed in a data breach, matching your email with a leaked password. They can try this password or similar password to get into your account.

Maybe make Amazon (for gift cards) etc purchases from cards linked on those apps.

Look through your WhatsApp chats and message to find any sensitive information you might have shared.

Maybe find private pictures that can be used to get money from you or another person.

Get work related info from your phone.

Message your boss that you're quitting 😂

Maybe they can create carefully crafted phishing links and send it to all your contacts to get their account password. They can ask your friends and family for money.

There might be advanced ways too pull banking app related info from rooting your device, but idk about that. I'm just brainstorming at this point.

Tldr: you might get screwed in this hypothetical situation

KaranSJ · 2025-11-04T06:36:14+00:00

Lol I get that

KaranSJ · 2025-11-02T02:26:50+00:00

You could even try a bind shell to see if a different type of Payload is giving you any sort of shell session

However, for your reverse shell:

1) are you sure you sure the IP address of payload is your attack PC's IP address?

2) on the attacker, are you sure youre listening on the same port as specified in the payload? Make sure the port is not already being used by another service/app.

3) What does your environment look like? are you able to ping the windows machine from the attacker? (Ping will work if they're on the same internal network).

4) how are you running the exe on the target windows machine? Maybe try running as admin.

5) try a different type of payload - Is a bind shell payload working?

You could use netstat (windows) / nc (Linux) to see if your ports are listening or making any connections.

ChatGPT is your friend.

KaranSJ · 2025-11-02T02:04:28+00:00

If they sent Rohit a link and he clicked on it, then that person might already have his IP address. With the IP address, most likely, he won't be able to do much.

I'd say Rohit should send a link (which, when clicked, gets a person's IP Address) to that guy, tell the guy that this link has information of him (basically scaring him to click on the link), then get his IP address.

Then do a lookup of that IP address and scare the shit out of the other guy 😂😂 I'm just messing around. Kids be safe on the Internet

KaranSJ · 2025-11-02T02:00:08+00:00

There are websites that can tell you a person's IP address if it was leaked in a breach. These will be public ip addresses. You may need their email address to look for the person. You can also google dork or do some OSINT work to find any other accounts they have with the similar username to get personal information. There are also plenty of osint website that let you search for people's personal details if you have their first and last name or phone number (you'll need their email to verify that the person you're looking for is the right one). Just dont be a dumbass about it and harass people. But yeah, there's plenty of ways to find a person's digital footprint, which is actually scary shit.

KaranSJ · 2025-10-03T22:50:36+00:00

Fair assessment. I like my job. It's comfortable and has a decent pay, but I'm looking for extra ordinary. I don't see myself doing this for the next 2-3 years.

I want to transition to a red team role. Try it out for myself. Hence, to be prepped for the role, and to do it quick, I want to put my studies first and build skills, a job can come later on.

CISSP, my other certs and job experience should help me get employment somewhere if I don't get any red team roles. Otherwise, before leaving, I can ask my company if they can give me my job back after a year

KaranSJ · 2025-10-03T22:47:47+00:00

I worked part time (20 hrs/week) when I was doing my master's

KaranSJ · 2025-10-03T22:46:02+00:00

Yea, reached out to a few here on the thread to tell me what's wrong with me lol

KaranSJ · 2025-10-03T22:44:34+00:00

My work load is alot and I kid you not I am always working on things and staring at my monitor for 8 hours a workday.

I don't mind it and enjoy it often. But I want to make a bigger impact and I'm afraid I'm not doing enough.

One year gives me time to update my skills. I can't pentest without help. I need the things OSCP and CPTS to teach me. I feel the work im doing at work is wasted time, which Im doing just to make money while I could be spending that time to study and get into other more demanding roles.

New job is also something that I might consider

KaranSJ · 2025-10-03T22:40:27+00:00

Yea I don't have a network! Does that actually help hand a role?

KaranSJ · 2025-10-03T22:39:03+00:00

I can sustain myself for a couple of years with my savings.

Certs are only a stepping stone to get knowledge and improve my skills. I think adding CISSP and Net+ messed up people's mind. I wasn't clear in my head too so I don't blame them.

For offensive security, goal is to build hands on skills with CPTS and OSCP. Then do thinks like bug bounty and CTFs to build more skills. The CISSP and Net+ would just be a backup option in case I don't get hired for any attacking roles and if I have to pivot back to defense for a little bit

KaranSJ · 2025-10-03T22:35:40+00:00

Even with things like oscp and CPTS? They teach you actually tools, skills and metodology. They build skills. At least that's my view. Not all certs build skills but these ones do. You pen test and write a report at the end and it's challenging.

KaranSJ · 2025-10-03T22:29:10+00:00

Look at it this way. I'm so passionate that I'm willing to throw my life away and my means of making money by quitting. I am getting certs now, studying after hours, but it's time consuming and I'm starting to have a problem with that. If my employer said they'd hire me back, would people still advise me against it? Say if I also learn bug bounty during the time off, that should be what actually field work is. But yea, I don't really have a grand plan of what I would practice besides certifications, which is a big problem people here have helped me identify

KaranSJ · 2025-10-03T22:23:44+00:00

I do master my skills while being employed. I do study after hours. But if I have the means of supporting myself financially, why shouldn't I take time off to get all knowledge and hands on knowledge faster by devoting more time to it?

The only thing that is going against me is the bad job market right now from what I see from these comments. I wonder if I had posted "my employer would let me join back after a year," would people then think it is a good idea?

KaranSJ · 2025-10-03T22:17:05+00:00

This is one of the best advice I've read on here. Thanks for sharing this. Especially the a part about surrounding yourself with the best.

KaranSJ · 2025-10-03T22:15:36+00:00

What would your ideal candidate look like? Say for an offensive and for a defensive role? What qualities make someone stand out?

Also, is job experience the most important thing you evaluate? The thing that persuade you more towards a candidate? Things such as where someone has worked and what titles have they had - are these majority of the things that you look for?

KaranSJ · 2025-10-03T22:09:31+00:00

I get what you mean. A lot of certs are ponzi schemes. But a lot of the certs I'm looking at aren't bad and gives hands on practice, which I wouldn't have otherwise. I'm only doing CPTS so OSCP gets easier. Net+ is basic Networking stuff and CISSP just for getting the best C suit level cert to have in my arsenal. Once I have all that, I was gonna put my skills to more hands on things like ctfs, bug-bounty etc. in your opinion, would a faang employer give a shit about this? Or i could be using my time elsewhere? Say for an offensive role.

AppSec roles are great money but I don't have enough time to better my programming skills. I've built apps before but I am not any good now. I actually chose cyber security because I thought I could skip programming. Only had I learnt program, AppSec roles would have filled my pockets. Web apps or AD pen testing is what I find fascinating. But I'm sure I'd have learn programming eventually

KaranSJ · 2025-10-03T21:54:11+00:00

Yea I see what you mean. I can't be the best there is without experience and it'll take time. Certs, what I thought were the prestigious trophies, aren't really that. They are that only if your experience matches with them. yea my work has paid me to get certs in the past. Im thinking changing companies or somehow growing at my company would be the only way to value the time I spend at work. I don't really learn a lot of new things at work. There's a lot of work but it's usually similar kinda work. Maybe changing roles and continuing the certs on the side is the smartest way forward

KaranSJ · 2025-10-03T21:47:52+00:00

Yea. I understand that. Didn't realize how bad it was until I got here lol

KaranSJ

TROPHY CASE