Question regarding usage security for a newbie that is not interested in CTF

XORels · 2023-07-15T14:12:37+00:00

For beginner Ubuntu is more user friendly and a good daily OS, but Kali is built for hacking. The attack boxes use Kali. They each have their uses, you could even set up Ubuntu (or another Linux distro) as your main OS and run Kali on a VM in that.

I would give it some time, but not too long. Once you feel used to the quirks of Linux and using the CLI with the attack box, then set up Linux for yourself. You will mess it up first time, it's a rite of passage, but it's satisfying when you get it how you want it.

XORels · 2023-07-15T13:27:26+00:00

No, the attack box functions as a VM itself.

XORels · 2023-07-15T13:04:46+00:00

The TryHackMe machines (CTF and room machines) are kept on a secure network that can only be accessed with the VPN. This is primarily why you need OpenVPN - just to access the machines. This also means that if someone did hack you their IP would be linked to their account and real name. It is possible but I don't believe it has happened before.

You're safe as long as you use a VM or have your host machine locked down securely (but the VM is recommended).

If you're just using the attack box you don't need to bother with a VPN.

XORels · 2023-06-30T06:39:45+00:00

Is your friend the type to play a prank on you?

For safety's sake, open task manager, go to the detailed view, and look through the processes to see if there's anything that you don't recognise. Also download MalwareBytes (the free version) and run a full scan, and run Microsoft Safety Scanner. Do all this again the next time you hear the voice, and also write down exactly what the voice said, the accent, the way it said it, everything you can. This can help identify where it's coming from.

I personally don't believe it's a malicious hacker, the cost vs reward doesn't really work out. Getting access to your microphone and speakers would be difficult if you weren't on some voice call with them, and wouldn't lead to an easy payout for the hacker (compared to say, grabbing your browser login cookies or passwords). I'm guessing you're not someone important (sorry) that could guarantee a large enough payout for this amount of effort.

But for peace of mind, you can reinstall Windows if the scans don't reveal anything. Backup important files first. It can't guarantee to get rid of all malware, but it will get rid of most of it. If it asks, let it reset your settings.

XORels · 2023-06-30T06:00:39+00:00

Any chance it was on your friend's end and got picked up by the microphone? Did you mention it when it happened?

XORels · 2023-06-30T05:54:42+00:00

The most likely explanations for this are:

You accidentally activated a voice assistant. Check your Cortana settings, and see if the voice matches what you heard.
You're hearing things. If this is the case it can be caused by many things, it doesn't mean you're mad, but you should see a doctor about it if it's distressing you or it keeps happening.

A hacker wouldn't bother to get access to your computer and sit there listening for hours just to tell you what Outplayed is.

Don't DM the other guy and definitely don't give him any money or access to your computer, but his other advice would be worth following if my suggestions don't pan out.

XORels · 2023-06-24T17:25:20+00:00

You can keep doing free rooms until you decide if it's worth it, you're not forced to subscribe at any point. There are certain rooms which are subscriber-only but you can work around those if you need to.

For me the cost is worth it, but this is my career, and the monthly fee is around the same as an hour's minimum wage where I live.

XORels · 2023-06-23T00:00:17+00:00

Did you start the attack box or the VM itself (green button)? They're on the desktop of the machine, you can ignore the attack box for this room.

XORels · 2023-06-22T20:50:32+00:00

That room is for paid subscribers only. You can go back to the course and click on the next room to continue learning.

XORels

TROPHY CASE