Ok so to be clear when I said team I mean a bunch of college students preparing for different ctfs, but these are some of the more helpful resources we have found:
Tryhackme: personal favorite especially for beginners Hackthebox: great for learning/practicing attacks Overthewire: another good ctf site
We try to build many of our own ctf like machines, then each person switches their machine with another person and the other person tries to secure the vulnerabilities without knowing anything about the machine. Once everyone has secured their machines we try to attack them using the notes made while setting them up. This is our step by step for that process.
- download an old version of a distro. (Ubuntu 14, deb 9, ect)
- install and setup the VM without any updates or changes to the default configuration
- google the distro version (Ubuntu 14.04) + vulnerabilities or exploits
- read through the different sites to find applications that had huge security issues on that version and begin installing some of the programs that have known exploits
So for example with Ubuntu 14.04 we know there are some Linux kernel exploits.
A quick Google search returned this exploit: https://www.exploit-db.com/exploits/43418
Using Ubuntu's website I looked up other critical vulnerabilities and found these: https://ubuntu.com/security/cves?q=&package=&priority=critical&version=trusty&status=
From here I could add some of the packages mentioned as having exploits and then attempt to exploit them. I could also check newer versions of Ubuntu like 16 to find vulnerabilities that would also apply to older versions.
There is also Mitre's list(s) of the most dangerous software vulnerabilities. They have one for 2023, but also a catalog of lists from previous years.
https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html
Hopefully this helps!
I can give you an answer from someone who regularly downloads really old EOL versions of Ubuntu and Debian. I personally use them as part of attack and defense competitions. They are normally very close to unusable and are nearly impossible to update to a more recent or secure version. This forces my team to find creative ways to keep them working while also taking measures to isolate them as much as possible. I also use them to teach old exploits that have been patched in more recent versions, walking people through how it worked and why it existed.
It happens a lot more with Windows machines, but there might be some manufacturing systems out there that require software that won't run on modern versions of the OS. These systems often require new manufacturing tools in order to upgrade, or they need massive overhauls that smaller companies can't always afford.
I thought about this myself, and I wonder if Microsoft came in and gave them a bunch of time which caused feature creep. I am curious if Microsoft never bought Bethesda and they released it earlier, if it would be a more cohesive game without a bunch of half baked ideas.
I love all the different side and main stories, but things like outposts, ship building, and suit protections feel like they were added because why not.
No one seems to have thought about the fact that most schools have been out for those three months. Not sure exactly how much of the traffic is high schoolers and college students cheating, but that could account for at least some of the loss in traffic.
Edit: missed a word
If you download a wireguard/openVPN conf file from Proton it will let you enable nat-pmp which is basically automatic port forwarding. It seems to work fine on a Linux machine running qbittorrent, but your case might be different.
You might have some luck with a private trackers like Sportscult. They have open signups right now.
I'm kinda the opposite of you. I love Bethesda games, but the fantasy element doesn't do it for me. I never liked Skyrim or the elder scrolls series but loved the fallout series, as well as games like outer worlds. I am not going to preorder the game but I am very excited to see their take on a space rpg, because I love fallout and I love space exploration so if combined well it should become an instant favorite of mine.
I bought a fortunate 60e a few months ago to play around with. After setting up some vlans, subnets, and firewall rules I am considering just selling it. Without a license you don't even get security updates. So at this point opnsense might be my next firewall to learn on. I was just trying to my hands on what is actually being used by companies.
It would be cool to see companies start offering homelab licenses for people to play around with and get experience before buying into a whole ecosystem.
I don't think there is an app specifically for that, but you could use something like focusreader to get an RSS feed from torrent sites you want to keep a watch on.
I don't think there is a way to sort comments yet. It doesn't seem to matter what I do comments are always random for me.
I agree. I found it easier to transition because I follow mostly smaller tech subreddits that already had a presence here, or quickly started one. I only posted 70 comments total and almost nothing recently. I am more concerned about the power users, mods, and people who need things like screen readers not being able to make the jump. In my opinion Lemmy needs those users more than lurkers.
Honestly I think the AMA showed that they are not backing down. Spez answered like 14 total questions on an AMA with 30k comments the last I checked. They don't seem to care, and I don't see there being a significant number of people actually leaving reddit either, the alternatives just don't fix the problems people are having with reddit. If you use a 3rd party app because it has more features, are you going to leave the platform for another platform that only has one 3rd party app?
I heard about the fediverse before, but never made an account until a few days ago. It is kinda cool how Mastodon, Lemmy, and Kbin can interconnect somewhat, but it does not feel like a fleshed out feature to me yet. There are still too many bugs when interfacing with other parts of the fediverse.
I like how maluable it feels right now. I really feel like if I dedicate a bit of time and effort I can make changes to and improve things. Or at the least break off and do my own thing that interacts with the fediverse.
I don't like how spread out and small all the communities feel. I think piracy has 5 different communities at this point. I am also torn on not having at least a centralized login. I kinda trust sh.itjust.works with my account, but there is little assurance that the instance, and my account on it, won't just disappear or attempt to do something malicious with my email and password.
I want Lemmy to take off and I think it has potential, but I also believe it will take at least another year before I am completely satisfied with it.
This looks absolutely incredible. You have just inspired my color scheme for my next keyboard. Personally when I tried black switches they were nice, but a bit too hard for gaming. I ended up settling for box whites that I am very happy with daily driving.
Try it and tell us what happens!
/s
Honestly in my experience messing with databases in production is not a good idea. I recommend making a test instance to see what happens. The alternative is to backup the database and try it. My guess is that it will work, and there shouldn't be a huge problem from it, but there might be some strange problems that pop up from it.
Yeah I have been thinking about how to approach this issue. I don't have the kind of money to pay for a large instance to be hosted in the cloud. I am curious about the feasibility of hosting Lemmy on a physical server. The hard part being protecting the server from ddos, and other attacks.
Edit: I forgot about things like up time as well. Maintenance, internet outages, ect could all affect users on an instance, especially if there is no redundancy in the servers.
I am having the same problem, I think it might have to do with the instance maintenance reboot.
If the selfhosted community decides to create an instance, I think it would be cool to host a bunch of selfhosted communities. For example you would have the instance at example.selfhosted, then a selfhosted community, and also other communities that use selfhosted software. So example.selfhosted would have communities: selfhosted, plex, jellyfin, vaultwarden, ect.
As for leaving lemmy.ml I vote to wait a bit. I don't think there is a easy/good way to move instances at the moment. So in effect you would be abandoning this community and starting over on a different instance. Although I might be wrong about that.
I was wondering the same thing. This is one of those double edge features. On the positive side if a community moderator is no good, or an instance is getting too big, there is the simple option to just make a new community on a different instance. The downside is having a bunch of duplicate small communities is not always a better option than one big centralized one.
I like the idea of super communities, but I am not sure that is even possible with the fediverse/lemmy. There might be some way to do this manually with instances dedicated to a certain topic, but that seems like it would be overkill. Also it would be interesting to see who would end up responsible for moderating the super community.
This is fucking hilarious. I need a whole comic strip made up entirely of this character exploring the wasteland.