CTF Writeup: Confidential
We got our hands on a confidential case file from some self-declared "black hat hackers"... it looks like they have a secret invite code. Exciting introduction. Continuing on my recent binge of blue-team focused rooms, I'll be doing the Confidential room today. From the looks of it this seems to be a very easy room. No need to get root access or run any nmap scans. In fact we don't need to use any security-specific tools at all! ...
SOC Simulator: Upload & Conquer
Introduction It's time for more SOC Simulator challenges! Today I'll be doing the Upload & Conquer scenario. You can find this on the scenarios page. This one is not another phishing-based scenario like my previous SOC simulator writeup. Phishing emails have a lot of red-flags that you can look out for. Once you know what to look for it can be fairly easy to spot. I don't know if there will be any other phishing-based scenarios, but I'm always happy to see more content! ...
SOC Simulator: Phishing
Introduction I haven't been able to delve into the SOC Simulators that TryHackMe offer yet. Most online learning platforms are more tailored for red-team experiences. A vulnerable VM will be spun up for you to attack and retrieve flags, wahoo! The blue team side feels like it might take some more resources (I have nothing to back this claim up) and preparation. For a normal CTF you can give a vague note of "Get the root flag in /root/flag.txt" and let the users go wild. They can get creative with their approach if they want. In a SOC simulation you don't really want them getting creative. If you offer a phishing email you don't want them to break into the sender email (At least I hope that's not what this room is about). I'm interested in how the SOC Simulator identifies correct answers. ...
CTF Writeup: The Game
Introduction I've been pretty busy lately. So today I'm just doing a very short little challenge room, The Game. There was a neat little game hacking room during the 2024 Advent of Cyber event. It was a pretty good teaching moment for memory overflows and exploitation. This is just a beginner/easy room. So it might not be as exciting, but I'm still happy to keep my streaks up and continue a bit of red-teaming. Let's see what this challenge room entails! ...
Tata's Cybersecurity Analyst Job Simulation
Introduction Just like my last two posts, today I'll be going through Tata's job simulation, also available through theforage.com. Where the Mastercard simulator focused on Phishing, and the Deloitte one had a focus on network logs, this simulator is more focused on Identity and Access Management. I've not heard of Tata before. After a quick search I found out they're an Indian multinational. They look like a Tesla competitor based on how their EVs look. What the company does doesn't really matter. A phishing email is a phishing email at the end of the day. We'll not be looking at Phishing today though (Unfortunately), time to delve into IAM. ...