Privilege escalation (often shortened to priv-esc) is one of the most critical steps in an attack chain. It allows an attacker to gain higher privileges after compromising a low-level account — ultimately leading to root or SYSTEM access. In this article, we’ll explore how it works, real-world examples, and how to protect your systems.
Types of Privilege Escalation
Vertical: Gaining higher-level privileges (e.g., from user to root).
Horizontal: Gaining access to another user’s data or processes at the same privilege level.
Common Linux Techniques
Sudo misconfigurations: E.g., sudo vim → :!bash for root shell.
SUID binaries: Exploiting binaries like /usr/bin/python with setuid bit.
Kernel exploits: DirtyCow (CVE-2016-5195), OverlayFS, etc.
Writable /etc/passwd: Injecting a fake root user.
Common Windows Techniques
Unquoted service paths: Abuse poor service path handling.
AlwaysInstallElevated: MSI abuse to gain SYSTEM access.
Token impersonation: Tools like Juicy Potato or PrintSpoofer.
Tools for Enumeration
Linux: LinPEAS, LES.sh, pspy, GTFOBins
Windows: WinPEAS, Seatbelt, PowerUp.ps1
Defense Strategies
Enforce the Principle of Least Privilege (PoLP).
Audit sudoers and SUID binaries regularly.
Monitor for suspicious cron jobs and startup tasks.
Apply patches early to reduce kernel and service exploits.
Use Sysmon, auditd, and log management for detection.
Final Thoughts
Privilege escalation is powerful — and dangerous. Whether you’re a penetration tester or a system administrator, understanding both attack and defense is critical for keeping systems secure. Always think like an attacker… before they do.
🇩🇰 Danish Government Shifts to Linux – A Smart Move with Hidden Risks?
In a bold and future-oriented decision, Denmark’s Agency for Digital Government has announced a plan to transition from Microsoft Windows and Office to Linux and LibreOffice. The shift is part of a larger effort to reduce dependency on proprietary software and embrace open standards and open-source alternatives.
But while this is a progressive and cost-effective step, it also comes with both challenges and unforeseen cybersecurity implications.
The Benefits of Going Open Source
There are many advantages to this decision:
Cost Efficiency: Eliminating costly Microsoft licenses can save millions of Danish kroner over time.
Sovereignty and Control: By using open-source software, the government avoids vendor lock-in and gains greater control over its digital infrastructure.
Transparency and Security: Open-source code can be audited by anyone, potentially increasing trust and reducing hidden backdoors or telemetry.
Flexibility: Linux systems are highly customizable and often more efficient on older hardware.
This move mirrors similar actions taken by other governments and institutions over the years — like Munich’s initial Linux migration or France’s adoption of open-source in the military sector.
The Migration Challenge
However, the human aspect of this change shouldn’t be underestimated. Many public employees are deeply familiar with Windows and Microsoft Office. Transitioning to Linux desktops and tools like LibreOffice will require:
Training programs
Documentation and support
Patience during the adaptation period
This learning curve could lead to temporary productivity loss — a factor that must be managed carefully through strong onboarding strategies.
🛡️ Linux as a New Target?
A crucial and often overlooked consequence of such transitions is the shifting threat landscape.
“If more governments and major institutions adopt Linux, attackers will follow.”
Historically, Linux desktops have enjoyed a degree of “security through obscurity” — not because they are invulnerable, but because attackers focused primarily on Windows, which dominates the desktop market.
However, this shift means:
More Linux systems in high-value environments (like government agencies)
Increased attacker interest in Linux vulnerabilities, malware, and privilege escalation techniques
More Linux-targeted phishing campaigns and social engineering
🔐 The Security Paradox
Linux is often seen as more secure by design. Features like strict user privilege models, package repositories with signature verification, and SELinux/AppArmor profiles can offer enhanced protection. But more usage equals more risk:
Unpatched third-party software becomes a bigger problem
Threat actors may begin crafting more Linux-specific rootkits and ransomware
Public institutions may lack deep Linux security expertise at scale
A Shift Worth Watching
Denmark’s move may signal the beginning of a larger trend. If successful, other EU countries and institutions may follow suit, especially in the context of digital sovereignty and tightening IT budgets.
But with great power comes great responsibility. As Linux gains adoption, defenders must be proactive in adapting their cybersecurity strategies to cover this new threat surface.
What do you think? Will Linux dominate the public sector in the next decade, or will it remain a niche choice? And are we prepared for the security consequences of such a shift?
Exploring the Best Operating Systems for Pentesting & Security: Beyond Kali and Parrot
By Jull3Haxor | jull3.net
When it comes to penetration testing, red teaming, and security research, your choice of operating system is more than just personal preference—it shapes your daily workflow, the tools you have on hand, and even your security posture. While everyone knows about Kali Linux and Parrot OS, the landscape is much broader and more nuanced. In this article, I’ll break down popular, niche, and advanced options—plus share why I personally choose Arch with BlackArch tools for ultimate flexibility.
1. Kali Linux
What it is: The gold standard for many pentesters, Kali is based on Debian and comes preloaded with hundreds of security tools.
Pros:
Massive toolset out of the box—almost everything you need is preinstalled.
Huge community, lots of documentation and tutorials.
Available for ARM, Docker, VM, WSL, and even Android (Nethunter).
Frequent updates, maintained by Offensive Security.
Cons:
Can feel bloated if you only use a handful of tools.
Not ideal for daily-driver use (security first, convenience second).
Everyone uses it—malware often targets default Kali environments.
Best for: Fast deployment, learning, CTFs, labs, when you want “everything” ready.
2. Parrot Security OS
What it is: Debian-based, privacy-focused alternative to Kali, with additional features for forensics and anonymity.
Pros:
Lightweight compared to Kali; more privacy tools (Tor, Anonsurf, etc.).
Offers “Home” edition for regular use and “Security” edition for pentesting.
Sandbox support, secure browser options.
Active community and attractive UI (MATE by default).
Cons:
Slightly smaller tool selection than Kali, but most popular tools included.
Can be buggy after big updates.
Best for: Those who value anonymity, privacy, and want a lighter pentesting distro.
3. BlackArch
What it is: An Arch Linux-based penetration testing distribution/repo with 2,800+ tools.
Pros:
Ultra-flexible—use as a full distro or just add BlackArch repo to your existing Arch setup.
Rolling release model—always up-to-date.
Install only what you need (not a “kitchen sink” like Kali).
Hardcore minimalist design for those who like to customize.
Cons:
Steeper learning curve (it’s Arch!).
Fewer “hand-holding” scripts; expect to configure things yourself.
Not ideal for total beginners.
Best for: Advanced users who want granular control and minimal bloat.
4. Arch Linux (with BlackArch or custom tools)
What it is: Vanilla Arch Linux with just the tools you want (e.g., via BlackArch repo or manual install).
Pros:
Absolute minimalism—install only what you’ll actually use.
Samurai Web Testing Framework: Web app pentest distro.
Cyborg Hawk, Dracos Linux, Network Security Toolkit, RedHawk, Matriux: Specialized/experimental, often for CTFs, learning or specific domains.
Rolling vs. Fixed Releases
Rolling (Arch, BlackArch, Parrot, etc.): Always up-to-date, but potentially less stable. Great for latest tools and kernel features.
Fixed (Kali, Ubuntu-based, Fedora Security): More predictable, tested environments. Good for enterprise or when stability is critical.
Personal Workflow: Arch + BlackArch Tools + Proxmox
Personally, I run Arch Linux as my daily driver and pull in only the tools I actually use (from the BlackArch repo or the AUR). This gives me a lean, blazing-fast system—no bloat, just exactly what I need. If I ever require the “full Kali/Parrot experience” (for example, when tackling a CTF box or running a full red team engagement), I simply SSH into my Proxmox server and spin up a dedicated VM with Kali or Parrot. This setup lets me sandbox my activities, test exploits safely, and avoid polluting my main environment with tools or configs I rarely touch.
Why this workflow rocks:
Ultimate flexibility: My host system stays clean, minimal, and stable.
On-demand power: I get access to the full toolset when needed—without having to dual boot or clutter my laptop.
Safe testing: Anything risky stays isolated on its own VM, snapshot-ready.
Resource efficiency: My main system isn’t running hundreds of pentest tools I’ll never use.
Choosing the Right Distro: What Matters Most
Experience level: New to pentesting? Kali or Parrot gets you started quick. Power user? Build your own from Arch or Gentoo.
Preferred tools and workflow: Do you want everything out-of-the-box, or do you prefer building your own toolkit?
Stability vs. bleeding edge: Need latest exploits or rock-solid reliability?
Hardware support: Some distros (Qubes, Pentoo) are pickier about hardware.
Anonymity/forensics needs: Some are better for red teaming, others for forensics, blue teaming, or OSINT.
Summary Table
Distro
Base
Use Case
Pros
Cons
Kali Linux
Debian
Pentest, CTF
Huge toolset, docs
Bloated, targeted, not daily
Parrot Security
Debian
Privacy, Pentest
Lighter, privacy tools
Fewer tools, bugs
BlackArch
Arch
Custom, Power user
Modular, latest tools
Arch learning curve
Arch + BlackArch
Arch
Custom daily driver
Minimal, blazing fast
Setup/time investment
BackBox
Ubuntu
Lightweight pentest
XFCE, familiar, stable
Smaller, less active
Pentoo
Gentoo
Advanced, live use
Hardened, optimized
Gentoo curve, fewer tools
Fedora Sec Spin
Fedora
RedHat ecosystem
Secure, modern
Fewer tools, small community
CAINE, REMnux, etc.
Varies
Forensics/Malware
Specialized
Niche only
Qubes OS
Fedora
Isolation, research
Compartmentalization
Resource heavy, tricky HW
Windows + WSL
Windows
Hybrid workflow
Win+Linux together
Not pure, limited tools
Final Thoughts
There’s no “one size fits all” in the world of pentesting OSes. Kali is not the only way—and for many, it’s not even the best. Try a few, experiment with minimalism, and don’t be afraid to build a workflow that fits your needs, not the marketing hype.
What’s your favorite setup? Want to know more about BlackArch, Proxmox labs, or building your own security toolkit? Drop a comment or connect at jull3.net or Facebook!
The Most Common Network Port Attacks – And How to Defend Against Them
When it comes to cybersecurity, attackers rarely go in blind. They systematically scan for open ports—the digital doors and windows into your network. Some ports are more popular targets than others, simply because of the critical services running behind them. In this article, we break down the typical attacks seen on the most common ports and provide actionable defense strategies to help keep your systems secure.
1. FTP (Port 21) – File Transfer Protocol
Attacks:
Brute-force & Anonymous Login: Attackers attempt to guess passwords or exploit misconfigurations allowing “anonymous” access, gaining entry without credentials.
Directory Traversal: Malicious actors manipulate file paths to access directories and files outside the permitted scope, sometimes leading to full system compromise.
Directory Traversal: Exploiting poor input validation to access sensitive files.
Defense:
Validate and sanitize all user input.
Implement Content Security Policy (CSP) for web applications.
Use Web Application Firewalls (WAFs).
Keep your web server and frameworks updated.
Migrate to HTTPS to prevent eThe Most Common Network Port Attacks – And How to Defend Against Them
By Jull3Haxor
When it comes to cybersecurity, attackers rarely go in blind. They systematically scan for open ports—the digital doors and windows into your network. Some ports are more popular targets than others, simply because of the critical services running behind them. In this article, we break down the typical attacks seen on the most common ports and provide actionable defense strategies to help keep your systems secure.
FTP (Port 21) – File Transfer Protocol Attacks:
Brute-force & Anonymous Login: Attackers attempt to guess passwords or exploit misconfigurations allowing “anonymous” access, gaining entry without credentials.
Directory Traversal: Malicious actors manipulate file paths to access directories and files outside the permitted scope, sometimes leading to full system compromise.
Brute-force: Attackers try to guess RDP credentials.
BlueKeep: A critical RDP vulnerability allowing remote code execution.
Defense:
Limit RDP exposure to the internet—use VPN for remote access.
Implement Network Level Authentication (NLA).
Use account lockout and two-factor authentication.
Patch Windows regularly.
Monitor RDP logs for suspicious activity.
Final Tips for Network Defense
Close all unnecessary ports.
Use a layered defense (firewalls, IDS/IPS, endpoint protection).
Conduct regular vulnerability scans and penetration tests.
Keep software and operating systems up to date.
Train users on cybersecurity best practices.
By understanding these common port-based attacks and applying strong, multi-layered defenses, you significantly reduce your risk of compromise—no matter the size of your network.
Stay secure. Patch often. Hack the hackers!
Did you enjoy this article? For more tips and deep dives, check out jull3.netavesdropping.
7. HTTPS (Port 443) – Web Traffic (Encrypted)
Attacks:
SSL/TLS Attacks: Outdated or misconfigured protocols can be exploited (e.g., Heartbleed).
Phishing & Credential Harvesting: Malicious websites using HTTPS trick users into entering sensitive data.
EternalBlue: A famous exploit used in ransomware attacks like WannaCry.
Ransomware Spreading: Malware moves laterally through open SMB shares.
Pass-the-Hash: Attackers reuse stolen password hashes to gain access.
Defense:
Disable SMBv1; use SMBv2/v3.
Patch systems regularly (especially Windows).
Restrict SMB access to local networks.
Segment your network and monitor lateral movement.
Use strong passwords and enable account lockout policies.
9. RDP (Port 3389) – Remote Desktop Protocol
Attacks:
Brute-force: Attackers try to guess RDP credentials.
BlueKeep: A critical RDP vulnerability allowing remote code execution.
Defense:
Limit RDP exposure to the internet—use VPN for remote access.
Implement Network Level Authentication (NLA).
Use account lockout and two-factor authentication.
Patch Windows regularly.
Monitor RDP logs for suspicious activity.
Final Tips for Network Defense
Close all unnecessary ports.
Use a layered defense (firewalls, IDS/IPS, endpoint protection).
Conduct regular vulnerability scans and penetration tests.
Keep software and operating systems up to date.
Train users on cybersecurity best practices.
By understanding these common port-based attacks and applying strong, multi-layered defenses, you significantly reduce your risk of compromise—no matter the size of your network.
Cyberattacks against Sweden: What is happening – and how can we ALL prepare? Published: June 12, 2025
In recent weeks, cyberattacks against Sweden’s critical societal functions have completely exploded. Public services, authorities and banks have all been hit by various types of attacks – from overload attacks to targeted intrusions. Most of the evidence points to a foreign power – probably Russia – being behind it. But why is this happening right now, and what does it mean for you and me? Can we do something, or are we just spectators while the great powers fight?
Why is this happening right now?
The attacks do not come out of nowhere. Here are some explanations:
NATO and geopolitics Sweden’s rapprochement with NATO and our changed security policy have provoked Russia. Historically, they respond with hybrid attacks: cyberattacks, influence operations and disinformation.
Election year and societal impact Ahead of the 2026 election, attackers want to sow division, create unrest and test how robust our digital society really is.
Vulnerabilities in the systems Many systems are vulnerable and not sufficiently protected. This applies to both authorities, companies and private individuals.
Is this the beginning of something bigger?
It is very possible. Overload attacks, intrusion attempts and influence against the media are classic steps in major campaigns – especially from state actors. The next step could very well be:
Destructive attacks on infrastructure (electricity, water, communication)
Targeted extortion attempts against companies or authorities
Massive disinformation spread on social media and via news sites
What can YOU do as a private individual?
It can feel overwhelming when the “cyber war of the great powers” seems to be beyond your control. But the fact is that the digital resilience of private individuals plays a major role – not just for yourself but for the entire society. Here are some simple but powerful tips:
Review your passwords Use unique, strong passwords for each service.
Enable two-factor authentication (2FA) where possible – especially on email, social media and important apps.
Use a password manager (e.g. Bitwarden, 1Password, KeePassXC).
Update your devices and applications Make sure your phone, computer and tablet have the latest updates.
Also update your apps and browsers regularly.
Be vigilant about scams and disinformation Don’t click on links in strange emails or SMS – even if they appear to come from “your bank” or “the Swedish Tax Agency”.
Don’t blindly trust sensational news on social media. Always check the sender and source.
If you get “urgent” messages (“you need to log in NOW or your account will be closed”) – take a deep breath and check first.
Back up what’s important Save important files and photos both in the cloud and on an external hard drive.
If something happens (e.g. ransomware), you can restore without paying a ransom.
Talk about digital risks with family and friends Help those who are less digitally savvy – especially older relatives – to set up 2FA, choose good passwords and recognize scams.
Have a plan B in case of major disruptions Think about what you will do if the internet or banking services are down for a few days. Have some cash at home, and think about how you will contact loved ones without the internet.
Community defense starts at home Swedish cyber defense is stronger than it was just a few years ago – but every individual is also part of the defense. If we all raise our digital threshold, we make society less vulnerable, both to state actors and cybercriminals.
Conclusion Sweden is currently under attack – and it is no coincidence. Geopolitics is shaking, and cybersecurity is the new front line. But we are not powerless: if companies, governments and individuals do their part, we will be much stronger when the next big wave comes.
CVE-2025-33053 & Stealth Falcon’s Espionage Campaign: Everything You Need to Know
A critical zero-day vulnerability, CVE-2025-33053, has recently been exploited in the wild by the APT group known as Stealth Falcon (also identified as “FruityArmor”). This attack targets a flaw in Windows’ WebDAV implementation and employs sophisticated payloads—including a custom implant dubbed Horus Agent. Here’s a full breakdown and advice on how to safeguard your systems.
🕵️ Who is Stealth Falcon? Stealth Falcon is an Advanced Persistent Threat (APT) group active since at least 2012, known for targeting government and defense organizations—primarily in the Middle East and Africa
Also referred to as “FruityArmor,” the group is believed to have backing ties to the UAE
Vulnerability Overview: CVE-2025-33053 Type: Remote Code Execution (RCE) in Windows’ WebDAV via manipulation of the working-directory during execution
CVSS Score: 8.8 (High severity)
Attack Vector: A phishing-based .url shortcut triggers a legitimate Windows tool (e.g., iediagcmd.exe) to run malicious executables hosted on attacker-controlled WebDAV servers
Microsoft released a patch for this flaw on June 10, 2025, even extending updates to legacy systems like Windows 8 and Server 2012
.
Attack Kill Chain Phishing delivery: A .url file disguised as a PDF (e.g., TLM.005_…pdf.url) tricks recipients into clicking a malicious link
Remote executable hijack: Using Windows’ working-directory resolution, iediagcmd.exe launches a malicious route.exe hosted on WebDAV
Loader deployment: route.exe, the Horus Loader, uses code virtualization to evade detection, displays decoy docs, and drops the payload
Implant installation: The final payload, Horus Agent, a custom C++ implant built on the Mythic C2 framework, enables system fingerprinting, shellcode injection, backdoor communication, keylogging, and credential theft
Who’s at Risk? High-value targets: Defense and government entities in the Middle East (e.g., Turkey, Qatar, Egypt, Yemen)
Broader threat: Now that the patch is public, cybercriminals may begin exploiting the vulnerability more widely—including ransomware actors
🛡️ How to Protect Yourself 1. Patch Immediately Apply Microsoft’s June 10, 2025 update for CVE‑2025‑33053—available even for legacy Windows versions darkreading.com
2. Limit .url/.lnk Exposure Block execution of .url, .lnk, .cpl files from email/download folders using Group Policy, AppLocker, or WDAC ampcuscyber.com .
Train users to recognize suspicious shortcuts disguised as attachments.
3. Restrict WebDAV Access Monitor or block connections to unknown WebDAV servers on port 443.
Detect when trusted Windows tools spawn from non-standard working directories kaspersky.com
4. Deploy Defense-in-Depth Use threat emulation, intrusion prevention systems, and endpoint protection (e.g., Check Point Harmony, PTR IPS) research.checkpoint.com
Monitor logs for unusual service installations (Event ID 7045), creation of PDF or VHD files, or .url files launching legitimate processes – indicators include filenames like TLM.005_*.pdf, %TEMP%\…vhdx, ds_notifier, etc.
5. Incident Response & Visibility Watch for new executables named route.exe, unusual file drops, or anomalous behavior from Edge/IE diagnostic tools.
Keep threat intelligence feeds up-to-date with IOCs like URL hashes provided by Check Point.
Summary CVE-2025-33053, exploited by Stealth Falcon, is a potent zero-day involving deceptive shortcut files and a sophisticated implant deployment pipeline culminating in the stealthy Horus Agent. If you haven’t already, patch now, enforce strict execution controls, and monitor your network for signs of exploitation.
Need help with implementation or want a deeper technical breakdown? Just reach out or leave a comment!
I have just arranged a machine in Proxmox with Ubuntu server that will be the base for this project, I gave it about 8 GB RAM and 100 GB Storage, that should be enough for this project. Since I have limited resources for this project, I will use a technique that will make sure that there will be a maximum of three models that are active at the same time, and then rotate so that the three are replaced all the time. I think that 10 “participants” is enough. Each model will be assigned different “personalities” that all have different interests, strengths and weaknesses with different guidelines for opinions and values.
Since it would take a while to load all the models as I have limited my 1GB line to 100Mbit on the server, I left it overnight but noticed that something went wrong when downloading the last models, I got this error:
It could be due to a problem with the server at Ollama or something else temporary, so I decided to initially settle for the models I already have..
Now it’s time to create a venv (Virtual Environment for Python) and install some dependencies for Python. 🐍
Since it is a new installation, I first needed to install the venv itself:
To build my venv I run:
To build my venv I run:
cd ~/aichatt # Or create and go into a new folder
python3 -m venv venv # Creates a folder called 'venv' with virtual environment
# Once that is done we need to activate the environment with :
source venv/bin/activate
# And we can proceed with installing dependencies;
pip3 install ollama discord.py python-dotenv
The virtual environment allows you to install packages for dependencies only in that environment, this is smart for several reasons. It is important not to forget to always run source venv/bin/activate before working with the bot, so that everything installs correctly!
# You can test your environment by:
which python
or
python --version
# They should point to your environment.
# Packages are installed in the environment with pip install for example: pip install flask
# To turn off the environment, we simply run: deactivate
# It is important not to forget to always run source venv/bin/activate before working with the bot, so that everything installs correctly!
Now it’s time to get started with the fun. I’m going to create these files:
Now i we crate agents.py It is in this file that i determine the “personalities” for the models. I assign them their roles. Here we can add different things but it is best to keep it simple.
AGENTS = [
{
"name": "haxor",
"model": "mistral",
"system_prompt": "You are an aggressive CTF pentester. Always look for vulnerabilities and enjoy debating with the others about security flaws."
},
{
"name": "softie",
"model": "phi",
"system_prompt": "You are positive, friendly, and always highlight the strengths in any technology. You avoid conflicts and promote harmony."
},
{
"name": "codelord",
"model": "codellama",
"system_prompt": "You are a strict, opinionated code reviewer. You insist on best practices and are quick to criticize bad code or lazy hacks."
},
{
"name": "paranoid",
"model": "llama3",
"system_prompt": "You are obsessed with security, always suspecting backdoors and hidden threats in everything. You trust nothing."
},
{
"name": "redteam",
"model": "neural-chat",
"system_prompt": "You are a sneaky red team operator. Always thinking offensively and suggesting creative ways to break into systems."
},
{
"name": "blueguardian",
"model": "orca-mini",
"system_prompt": "You are a defensive expert who loves layered security. You always counter red team ideas with robust defense strategies."
}
]
The next step is to create the file agent_manager.py which is where, among other things, my function for rotating the models is located.
Now the file chat_handler.py is created, which as you probably understand,it handles the things related to the chat itself.
Now it’s time to write the code for main.py which is the most important part, this is where I create the function so they can interact and discuss with each other.
import discord
import os
import asyncio
from dotenv import load_dotenv
from agent_manager import AgentManager
from chat_handler import ask_agent
load_dotenv()
TOKEN = os.getenv("DISCORD_TOKEN")
CHANNEL_ID = int(os.getenv("DISCORD_CHANNEL_ID"))
intents = discord.Intents.default()
client = discord.Client(intents=intents)
manager = AgentManager()
conversation_history = []
async def debate_loop(channel):
global conversation_history
agent_cycle = manager.get_active()
idx = 0
while True:
agent = agent_cycle[idx % len(agent_cycle)]
response = await ask_agent(agent, conversation_history)
conversation_history.append({"role": "assistant", "content": response})
conversation_history = conversation_history[-15:]
await channel.send(f"**{agent['name']}**: {response}")
await asyncio.sleep(20)
idx += 1
# Rotate every cycle through the 3 agents
if idx % len(agent_cycle) == 0:
old, new = manager.rotate()
agent_cycle = manager.get_active()
if old and new:
await channel.send(f"_(Agent rotation: **{old}** sleeps, **{new}** joins the debate!)_")
@client.event
async def on_ready():
print(f"Logged in as {client.user}")
channel = client.get_channel(CHANNEL_ID)
await channel.send("🤖 Multi-agent AI debate started!")
asyncio.create_task(debate_loop(channel))
client.run(TOKEN)
Now all we have to do is start Ollama as a system service and then run main.py , but first we also need to create a bot in the Discord developer portal and give it the right permissions and then invite it to the server and channel. That’s it, it jumps into the channel but I notice that nothing more than that happens so I start troubleshooting and realize that I have way too little RAM allocated to run so many models at once, so I rewrite agents.py to:
AGENTS = [
{
"name": "softie",
"model": "phi",
"system_prompt": "You are positive, friendly, and always highlight the strengths in any technology."
},
{
"name": "coder",
"model": "codellama",
"system_prompt": "You are a strict code reviewer. You insist on best practices and are quick to criticize bad code."
},
{
"name": "neural",
"model": "neural-chat",
"system_prompt": "You are a sneaky red team operator. Always thinking offensively and suggesting creative ways to break into systems."
},
{
"name": "star",
"model": "starcoder",
"system_prompt": "You obsessively search for software bugs and vulnerabilities in every discussion."
}
]
and try loading a small model locally and test, at first it doesn’t get any contact with Ollama but then it starts but is very sluggish so I simply have to allocate more ram and then rewrite a bit so that only two – three models are used..
When I restarted the Ollama service, it spat out some things about not being able to communicate with Ollama, etc. but after restarting Ollama, I was now able to write in the chat on my own, but it just got an empty message. I will troubleshoot this and come back with a solution when I have found the error.
Wow, I finally got it working, as I thought it was all about resources and that the server was too weak and lacks a GPU. I tested instead on a regular computer with i7 processors, 32 GB RAM and a GTX 1060 with 6GB, and now it works as it should, at first I tested only with one model to see that it works, now I’m testing with two. I also changed a little in the code for main.py so that the models actually talk to each other and debate and respond to each other’s posts.
This is the updated main.py
import discord
import os
import asyncio
from dotenv import load_dotenv
from agent_manager import AgentManager
from chat_handler import ask_agent
load_dotenv()
TOKEN = os.getenv("DISCORD_TOKEN")
CHANNEL_ID = int(os.getenv("DISCORD_CHANNEL_ID"))
intents = discord.Intents.default()
client = discord.Client(intents=intents)
manager = AgentManager()
START_TOPIC = "Let's debate: What is the most exciting AI breakthrough in 2025?"
# Initial conversation history
conversation_history = [
{"role": "user", "content": START_TOPIC}
]
async def debate_loop(channel):
global conversation_history
agent_cycle = manager.get_active()
idx = 0
while True:
agent = agent_cycle[idx % len(agent_cycle)]
# Find the latest assistant message from another agent, or use the start topic
if len(conversation_history) > 1:
found = False
for prev in reversed(conversation_history):
if prev.get("agent") != agent['name'] and prev["role"] == "assistant":
last_message = prev["content"]
found = True
break
if not found:
last_message = START_TOPIC
else:
last_message = START_TOPIC
# Send a "thinking..." message for user experience
thinking_msg = await channel.send(f"*{agent['name']} is thinking...*")
prompt_history = [
{"role": "system", "content": agent["system_prompt"]},
{"role": "user", "content": last_message}
]
try:
print(f"[DEBUG] Asking agent: {agent['name']} about: {last_message}")
response = await ask_agent(agent, prompt_history)
print(f"[DEBUG] Agent {agent['name']} response: {response}")
except Exception as e:
response = f"(Error: {e})"
print(f"[ERROR] Failed to get response from {agent['name']}: {e}")
if not response.strip():
response = "(No answer, try again!)"
conversation_history.append({
"role": "assistant",
"agent": agent['name'],
"content": response
})
conversation_history = conversation_history[-15:]
# Edit "thinking..." message with real answer
await thinking_msg.edit(content=f"**{agent['name']}**: {response}")
await asyncio.sleep(10) # Shorter pause for faster debate!
idx += 1
# Rotate agents after each full cycle
if idx % len(agent_cycle) == 0:
old, new = manager.rotate()
agent_cycle = manager.get_active()
if old and new:
await channel.send(f"_(Agent rotation: **{old}** sleeps, **{new}** joins the debate!)_")
@client.event
async def on_ready():
print(f"Logged in as {client.user}")
print(f"Fetching channel ID: {CHANNEL_ID}")
channel = await client.fetch_channel(CHANNEL_ID)
print(f"Channel fetched: {channel}")
await channel.send("🤖 Multi-agent AI debate started!")
asyncio.create_task(debate_loop(channel))
client.run(TOKEN)
I changed the starting subject and then one of the models replied with a long text of 4000 characters. I had forgotten that Discord has a limit of 2000 characters so I had to make some changes again.
This code is added just before edit and/or send:
#Put the code directly before: await thinking_msg.edit(content=f"**{agent['name']}**: {response}")
# Discord max = 2000 chars
max_len = 2000
if len(response) > max_len:
response = response[:max_len - 40] + "\n\n[Message truncated...]"
# Example
max_len = 2000
if len(response) > max_len:
response = response[:max_len - 40] + "\n\n[Message truncated...]"
await thinking_msg.edit(content=f"**{agent['name']}**: {response}")
Finally..
Here we have now got everything working as intended, in this case there are only two models at the moment but it is easy to add more models and “personalities”. To take it a step further I am thinking of later adding so that it is not just a single starting topic but a list of topics that are randomised, it is not a gigantic project but I feel that I have now achieved the goal of the lab. You can find all the finished files and documentation on my GitHub.
I’m just starting a little lab where I’m going to let a few different local Ollama models meet in a chat on Discord. Each model will have their own personality and their own opinions on different things, but of course a little extra focus on hacking and security. I’m going to document all the steps I take and the problems and solutions I run into and post them here so you can follow it all, when everything is done I will of course put all the files on GitHub so anyone who wants can play with it. The lab will use an HP Microserver gen 8 with 16GB RAM and some suitable distro tx Ubuntu in a VM in Proxmox. I think I’ll start the project today during the day or afternoon. Happy Hacking!
Welcome to my brand new blog!If you’re reading this, you’ve found your way to a small corner of the internet dedicated to hacking, cybersecurity, and digital curiosity.
I go by Jull3Hax0r. I’m a penetration tester, CTF enthusiast, and Linux tinkerer based in Sweden. Here you’ll find everything from guides and write-ups to project logs, hacking tips, and the occasional cyber-meme. I spend most of my days breaking things (legally), building scripts and tools in Python and Bash, and hunting for vulnerabilities in networks, web apps, and embedded devices.
What to expect on this blog:
Deep dives into penetration testing techniques
OSINT investigations and tool development
Write-ups from Hack The Box, TryHackMe, and other CTFs
Linux tips, server security, and privacy tricks
Scripts, code snippets, and automation ideas
Stories from real-world hacking labs
I believe in learning by doing, sharing knowledge, and having fun along the way. Whether you’re a seasoned pentester, a hobbyist, or just starting out, I hope you’ll find something useful (or at least entertaining) here.
Feel free to reach out via the contact form or connect with me on GitHub or Jull3.se. Stay anonymous. Stay curious. Happy hacking!
