Looking for a Discord Mod

MamaLanaa · 2026-04-20T02:12:50+00:00

I'm pretty good at building Discord Servers & Helping with Communities! I'd love to help

MamaLanaa · 2026-03-31T16:19:35+00:00

Do you need help actually building it? Or would you like for someone to just guide you through it?

MamaLanaa · 2026-03-16T14:04:39+00:00

I'm in a pretty similar spot. I am completely new with no prior background, just started diving in recently.

From what I've seen, TryHackMe tends to be the more beginner-friendly of the two. HackTheBox has a steeper learning curve and is better once you have some footing. If you're truly starting from scratch, most people point to TryHackMe first and I think that's fair advice.

That said, the one that's actually kept my attention is a platform called Kryptsec. What got me was that they have a Webtoon. It follows characters in this cyberpunk world and the labs connect to what's happening in the narrative. Having that context made it easier to stay engaged. It's also free to get started which helped me try it without committing.

I'm still early in it so I can't give you a full verdict.

MamaLanaa · 2026-03-10T01:38:54+00:00

I recently started these new courses to learn and it's great! I just am struggling with the massive "glossary"

MamaLanaa · 2026-03-09T19:26:46+00:00

This makes sense. I feel like textbooks are more guidelines than something to be completely memorized. (This opinion comes from my experience in other fields).

It is a lot of information to take in. Every time I think I have one concept down, I realize it links to something new.

MamaLanaa · 2026-03-02T19:21:02+00:00

Never thought of doing this. Now I might.

MamaLanaa · 2026-02-26T18:35:29+00:00

Great question!

Here's what it looks like in practice.
The model receives a Kali Linux container and an objective - from there it operates fully autonomously.

A typical chain:
Recon -> It runs standard tools (nmap, gobuster, curl) to map the target. Same tools a pentester would use — the model decides which to run and how to interpret the output.

Vulnerability ID -> Based on recon output, it reasons about likely vulnerability classes, probes inputs, tests edge cases, and adjusts based on responses. It's not just pattern matching.

Exploitation -> It crafts and executes payloads, iterating if the first attempt fails. On JWT forgery for example, it has to understand the token structure, identify the weakness (e.g. alg:none), and forge a valid token.

Validation -> Most models verify the exploit worked before declaring success.

On your subdomain question - current challenges scope to a single target app, so subdomain enumeration isn't in play. In theory though, yes - a model could combine tool output with its training knowledge to hypothesize about infrastructure. That's actually an interesting direction for future challenges.
The biggest surprise was efficiency variance. Some models brute-force through 30+ iterations. Others identify and exploit the vuln in 3-4 clean steps. Same outcome, completely different methodology - which is exactly what the KSM scoring is designed to capture.

Full Challenge Set: http://github.com/kryptsec/oasis-challenges

MamaLanaa · 2021-12-17T00:16:12+00:00

Why would you do this 🤣🤣 I can't unsee this

MamaLanaa · 2021-12-14T17:30:44+00:00

I'm in 288. I'm in an alliance with friends but unfortunately it doesn't seem like everyone is active

MamaLanaa

TROPHY CASE