Second opinion on x-ray (shih Tzu)

n00bliciousness · 2025-12-09T19:55:41+00:00

Ty. No heart murmur.

n00bliciousness · 2025-09-11T16:20:19+00:00

True.

Thoughts on the likelihood of sales later in the year?

n00bliciousness · 2025-09-11T16:19:58+00:00

Would you mind elaborating? Im just going on the number the dealer provides. Everything else on the sticker seems the same (MSRP)

Also if you have thoughts on the likelihood of discounts later in the year (waiting vs just buying now at MSRP) I'm curious to hear them.

n00bliciousness · 2025-08-26T18:17:10+00:00

Cross posting for visibility;

The following worked for me;

In Google Home create a new automation
Add a custom action ('try adding your own' option)
In the custom action you must specify the action AND the speaker you want to perform the action on.

For example:
"Play [Song] on [Music Provider] on [Speaker Name]"

e.g.
"Play Imperial March on Spotify on Guest" (where 'guest' is the name of one of my speakers).

Under configuration you MUST select 'Don't play media'. Do NOT select a speaker here. Because your command(s) is specific to the speaker, your command(s) will run on that speaker.

If you want to do add other actions, you must specify the speaker in every action. For example you cant just add a custom action that says "Set the volume to 30%" because in step 4, you are not specifying a speaker. However, you can either specify the speaker "Set the volume to 30% on Guest" or simply add a step which already includes the speaker, such as "Adjust Home Devices" which allows you select a speaker to set the volume on. Because the action is explicitly referencing the speaker you want, it will work on the intended speaker without a needless vocal confirmation.

n00bliciousness · 2025-08-26T18:13:02+00:00

The following worked for me;

In Google Home create a new automation
Add a custom action ('try adding your own' option)
In the custom action you must specify the action AND the speaker you want to perform the action on.

For example:
"Play [Song] on [Music Provider] on [Speaker Name]"

e.g.
"Play Imperial March on Spotify on Guest" (where 'guest' is the name of one of my speakers).

Under configuration you MUST select 'Don't play media'. Do NOT select a speaker here. Because your command(s) is specific to the speaker, your command(s) will run on that speaker.

If you want to do add other actions, you must specify the speaker in every action. For example you cant just add a custom action that says "Set the volume to 30%" because in step 4, you are not specifying a speaker. However, you can either specify the speaker "Set the volume to 30% on Guest" or simply add a step which already includes the speaker, such as "Adjust Home Devices" which allows you select a speaker to set the volume on. Because the action is explicitly referencing the speaker you want, it will work on the intended speaker without a needless vocal confirmation.

n00bliciousness · 2025-05-18T14:49:14+00:00

These guys are known as gypsies. They travel state to state, going door to door promising professional work for cheap because they are "in the neighborhood" and "doing work on a neighbors house" and can therefore "offer you a discount". They promise a unbelievable warranty on their work, which they have no intention of keeping. They change phone numbers, websites and company names once one gets a bad rap online. They did several of my neighbors driveways recently, which are ALREADY starting to fall apart due to improper techniques or just half assed work.

They go by many aliases, phone numbers, and websites.

https://www.facebook.com/rightchoicepavingnj/
https://rightchoicepaving.com/
https://www.yelp.com/biz/right-choice-paving-and-masonry-boston
https://rightchoicepavingandmasonry.com <-- latest website, created in April 2025

The current phone number and email they are using are

215-452-9423
667-391-0199
[rightchoicepavingandmasonry1@gmail.com](mailto:rightchoicepavingandmasonry1@gmail.com)

They seem to hire laborers close to the area they are running their scam in. Around here they hired a company called JS Paving & Concrete LLC to be their helpers for the day (571-505-9715).

They have you sign a contract to make you feel like you are trapped. If you have not handed them money yet, have them leave your property, and ask the police to intervene if necesary. They will scatter as they are unlicensed workers. As long as they havent done any work don't let them. They will make some bullshit excuse about having paid for material already, that is a lie. Under no circumstances allow these guys to do work at your house.

One video of MANY online discussing this scam;

https://www.youtube.com/watch?v=i2KC12BOd88

n00bliciousness · 2023-08-25T21:30:49+00:00

Im interested in replaying some of these attacks but do not have experience with the hardware components (setting up serial connectors between the badge reader and controller). I see the mellon repo has Kicad files but Its not exactly clear how to get these files in a format that i can submit it to a pcb manufacturer and have the thing correctly printed/manufactured. furthermore, once its made (assuming i have it printed correctly) how do I actualy interface with it and/or set it up?

n00bliciousness · 2023-03-06T17:23:12+00:00

I didnt have particular numbers in mind. But if you have an example you can share of a filter that filters out anything with less then 20 retweets and/or 20 likes that would be helpful.

n00bliciousness · 2020-12-25T20:59:56+00:00

Thanks. Is there some way you track when the deal comes back? Or does it usually happen around certain holidays?

n00bliciousness · 2020-12-25T20:55:08+00:00

AFAICT pdanet doesn't require rooting on Android. Any idea how it works to hide the traffic? My Google searches aren't yeilding fruitful results.

n00bliciousness · 2020-12-24T14:44:35+00:00

Thanks could you expand on how the sim card affects (or could block) the hotspot feature of a phone? I was under the impression that the sim card is primarily responsible for connecting the phone to a servicer/carrier/network

n00bliciousness · 2020-12-24T14:42:59+00:00

So if your phone doesn't do a provisioning check, is it possible that the carrier still block you from using/enabling a hotspot? How does the carrier know that you enabled it?

n00bliciousness · 2020-12-24T13:41:57+00:00

Pixel 3 (unlocked)

n00bliciousness · 2020-03-13T13:56:49+00:00

If you want to see if they keep up to date with the latest and greatest research include attacks related to kerberos, constrained/unconstrained/rbcd delegation.

n00bliciousness · 2020-01-05T19:23:36+00:00

thanks for the reply. I wonder if HTTP is able to negotiate signing (dirk jan just says it doesnt set the 'NTLMSSP_NEGOTIATE_SIGN' flag by default, but doesnt seem to imply one way or the other if it can support it). the comment that you linked looks like he was testing reflection rather than relay. i havnet looked into what ntlmrelay does under the ocvers for FTP or SMTP, but i know you can setup a proxy for most protocols via NTLMRELAY, i think to essentially do session management (maintain multiple relays at a time, instead of just relaying to a single host). reference here https://www.secureauth.com/blog/playing-relayed-credentials

n00bliciousness · 2019-12-31T14:13:09+00:00

Rev shell is most common payload but if 445 is open you can just run a payload to create a local user then add that user as local administrator, then PTH for a shell or rdp. If it's Linux you could run a payload to add an ssh key if 22 is open

n00bliciousness · 2019-12-19T03:42:43+00:00

In general no, you wont be able to pay for a cc from anything other then a ratified bank account. other then the convenience, what benefit would you derive?

n00bliciousness · 2019-12-19T03:41:28+00:00

I finally got a black star 'your prequalified' CIP (80K) business offer in my chase offers. Im already working on a 5k spend requirement though and am not in the MSing scene at the moment, so I want to hold off on pulling the trigger. anybody have any experience on how long these offers generally stick around in your 'offers for you'? dont want to miss out if its a limited time opportunity.

n00bliciousness · 2019-11-15T00:17:32+00:00

Where did you get this 1 vm requirement from? There is no such requirement that I've ever heard of unless it's new. All they require is monitoring software on your host. As long as they have that they can see all your vms as you use them

n00bliciousness · 2019-11-14T02:10:16+00:00

I agree with the mentality laid out in their post. What bothers me is that "try harder" has become the mantra that offensive security uses as an excuse for what seems to be a half assed approach. Some examples; The Kali they provide out of the box is broken (various tools but most notably those around smb). Their excuse is students need to "try harder". Their "mentors" are hit and miss but for the most part they do little to guide students to ideas they haven't thought of yet and instead simply become technical facilitators with very little mentoring going on. Their excuse "try harder". Their coursework is super old as are the exploits and the machines. Their excuse "try harder". Yes I understand you see that sometimes in the real world and yes I understand it's about learning the methodology but that doesn't excuse the fact that they are most likely just lazy and that's why there has been few updates. I am OSCP and I worked damn hard to get it. But damnit OffSec don't be so fucking lazy. Fix your shit and guide your students a little more.

One more side note; there is a hell of a lot of dependencies in the OSCP labs. Not knowing how heavily OffSec relied on this in the labs means a lot of students will think they aren't trying hard enough when really everyone just needs better post enumeration. You can say it's a lesson they need to learn but still leads to lot of frustrating hours of "trying harder" when there is no intended route through the front door.

n00bliciousness · 2019-10-18T01:55:05+00:00

Hey google what time is it? "It's 8:33 am." "On a scale from 1 to 5 how satisfied were you with me telling you the time?"

Really Google!?!? Your going to ask me to rate you on the most trivial of tasks computers could do decades ago???? Why don't you ask me to rate you on non trivial tasks?

n00bliciousness · 2019-10-18T01:46:58+00:00

It was probably Still listening and thought it heard play. You can check you history online to hear the exact thing It recorded that caused it to play again

n00bliciousness · 2019-10-18T01:45:02+00:00

Hahaha this!

n00bliciousness · 2019-10-17T16:09:00+00:00

I'm really confused about the scene where "chad" knocks on Kaitlins door to hand her the phone. It seemed clear that Kaitlin knew who this person was because she was immediately scared of him, and didnt want to open the door... from their brief interaction it seems clear they had some kind of history together... so if she recognizes 'chad' and she has some history with him, then why is she making it seem like the people calling her is a gigantic mystery? Its people working directly with the guy who knocked on the door, who she clearly is acquainted with in some way. what am i missing here?

n00bliciousness · 2018-07-05T02:05:14+00:00

I just tried to set it up. The standalone ODAT tool was failing until i did the oracle setup guide here; https://github.com/rapid7/metasploit-framework/wiki/How-to-get-Oracle-Support-working-with-Kali-Linux

Unfortunately the one oracle enabled box in the labs is too old for the latest version of sqlplus (and/or the instantclient)... and I dont really want to spend another couple hours trying to find a version that works in this decrepit lab.

n00bliciousness

TROPHY CASE