I use a MacBook for THM and it works fine. You can run Kali inside virtual box and do everything you need to do. Some tasks you can do just fine from macOS as well, but running a virtualized Kali is usually easiest.
the best one I encountered and this is the one I personally use, is obsidian.md really the best one I could find, cross platform, easy to learn, GREAT community extensions, currently I don't have a single complain
I believe the issue lies in how your routing table is forwarding your packets. You need to have the packets be encapsulated by your try hack me VPN first, then encapsulated by the Mullvad VPN.
I know nothing about configuring Linux routing tables, perhaps this stack-overflow question can guide you in the correct direction.
P.S You may also need to look into the implications of Double-NAT'ing.
I'm Just using Word, it's nothing crazy but it allows me to make headers and bullets with a simple query box and fits my needs. For screenshots I use the Windows builtin Snipping Tool. I've seen onenote suggested as well, and that will let you do all of the same things. I want to say that in the ethical hacking course for TCM they go over some alternatives that all seem really viable.
I think recently I've seen Obsidian used in some ippsec videos and it looks really cool but looks like it has a bit of a learning curve and there are a finite amount of braincells I have to dedicate to any one given thing:
(I'd really like to see THM do a room on note-taking)
I would like to make a shout out to Obsidian, which is an awesome (closed source, but still ethical) note taking program. It is cross-platform, lots of plugins, looks nice and has awesome linking capabilities. My main reason for using it, is that it's "future proof" in that it is just Markdown editor. All the files in the vault can easily be checked into git, or synced in other ways. By doing that, all the settings, plugins and files are synced as it resides in the vault folder. It's also possible to have multiple vaults.
If you're more into open source, Joplin is fantastic. It can also export/sync to Markdown, but the main data is in some database file.
I'm not using FoxyProxy but when you say "FoxyProxy is ready by default" what do you mean? Because after you install FoxyProxy you have to configure it to use Burp and turn it on when you're using Burp.
Also what do you mean when you say 'localhost webapp'? The webapp you're trying to intercept should be running on a 10.10.x.x address, not 127.0.0.1. 127.0.0.1 is what Burp is using.
No problems connecting to firefox
When using burp i just use FoxyProxy and turn if off when not using it
I am pretty sure there is supposed to be a site running (OWASP Juice shop)
Ive used the attackbox provided by tryhack me an it works completely fine. Just wondering if i should be aware if the ARM architecture makes websites act funny or configured a different way.
In addition to what everyone else has said about Kali not being a good daily driver, please note that Kali's developers themselves recommend against this. It is a very single-purpose OS and there are much better options out there for your Primary OS. If Windows isn't doing it for you or you want to dive into Linux more broadly, then Ubuntu, Mint, Fedora, Elementary, and Manjaro are all excellent all-purpose Linux desktop systems with sane defaults and outstanding documentation/community support. If you Google a general Linux question, chances are you'll get an answer that assumes you're using Ubuntu.
If running Kali in a VM isn't working for you (I feel you on this) then run it live off of a USB. There are helpful instructions for creating a persistent USB that will save all your changes between uses.
If you are going to install Kali along side windows make sure you use two separate physical drives not just two separate partition as windows updates could break your boot loader.
I cant remember which of these tools i used to create the bootable USB to install Kali.
Universal USB Installer: https://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
I think it was this one. YUMI: https://www.pendrivelinux.com/yumi-multiboot-usb-creator/
With YUMI you can also create a persistent file USB allowing you to install software onto a live image though it's limited to 4GB due to the limits of FAT 32 unless thats an option for NTFS now
Maybe not so much the rooms but on your profile it gives you your % out of all the try hack me users. I am in helpdesk and currently trying to break into cyber security and have a section on my resume called Try Hack Me Home Lab as well as a project called the same thing on my Linkedin, you can view it below. I also took a screen capture of my current rank and uploaded it to imgbb.com and they will create a URL to that image and I put that on my resume as proof:
TRY HACK ME HOME LAB
Set up various virtual machines via tryhackme.com and try to break into a room and capture the flag. Skills learned include Burp Suite, Wireshark, Metasploit and Linux. Currently ranked in the top 3% of all Try Hack Me users in capture the flag points and hold a Jr Penetration Tester Certification. Link to my rank below.
Hmm, i like Obsidian ... it has apps for windows, linux, android and it seems iOS as well. It should have most of the features you're describing in some capacity!
There is a sync feature that is subscription based but the app itself is free to use for none commercial use. I use it with syncthing to synchronise all my devices and it works like a charm.
Hey no need to get an additional PC to run Kali. On my Win10 machine I have VMware Workstation Player (the free version), which allows me to run virtual machines, like Kali Linux. Then search for the Kali Linux distro for VMware and run that in VMPlayer. This allows you to run a full Kali Linux OS right inside your Windows machine! It's really a cool thing. By running a VM on your machine, it gives you the opportunity to customize and install the apps you want, rather than using THM's Attack Box's that reset every time. In my Kali VM I run OpenVPN to connect to THM. One gotcha that got me, if you're running a VPN on your Win10 machine be sure to disconnect first before using OpenVPN. I was running NordVPN in Win10 and it was giving me all kinds of goofy problems when trying to connect in OpenVPN.
You can also install Kali Win-Kex on the Windows Subsystem for Linux (WSL). That way you can use linux on your windowsOS. See https://www.kali.org/news/win-kex-version-2-0/
Follow This, fixed it for me.
One other thing to keep in mind is that Obsidian Sync comes at a monthly cost ($4USD/month). I use it because I really like the convenience and the privacy (via encryption). I also see it as a cheap way to support the developer.
The Obsidian mobile apps (for iOS and Android) will be out soon, and Sync will work them too. Since this apps will be free, that $4 feels like an even better deal.
​
Edit: Obsidian Pricing
I have sec+ and I'll tell you, the defender path does nothing for you. Your best bet is to buy a study guide like this and read it cover to cover. And take lots of practice tests every day. There are some free apps... download all of them and cycle questions to get the most diverse example set.
You aren't running a VPN service on your Windows machine, are you? I ran into this problem early on. I had NordVPN actively connected on my Win10 machine, and when trying to connect to THM via OpenVPN in my Kali Linux VM box, the connection to THM was spotty at best. Once I disconnected my Nord connection, everything worked great.
I take it your using OpenVPN to access the Tryhackme boxes, and probably FoxyProxy for Burpsuite? Tryhackme probably won't load properly because of that. Open up Burpsuite and forward any requests sitting there to make sure you're able to load pages. Or, conversely, turn of FoxyProxy if you're not using it yet.
Yup! NordVPN have permission. For VPNs I'd suggest building your own, but if websites don't let you watch stuff because of it (I can't watch Netflix even though I'm UK based and my VPN is UK....) Nord is good, as it's quite cheap and their wireguard implementation is very very nice :-)
Having looked at those books in more detail, it seems they're a little outdated?! Working on CSS2 and HTML4.
I saw this instead. I have one of the same type for VB.net and its great! Should be a good alternative.