Happy CyberSecurity Awareness Month! I wasn’t able to partake in Huntress’ CTF event last year, but I’m pretty committed to trying it out this year. I have pretty busy work days but I’ll do my best to document each day I work on this. In saying that, there’s no guarantee that I’ll be completing every single challenge. This is just me pretexting why this series of posts will stop after a few days when I get too confused to continue (That’s a joke, I hope). 👶 Cover All Your Bases The prompt we get given for today’s challenge is as follows: ...

Introduction It’s time for more SOC Simulator challenges! Today I’ll be doing the Upload & Conquer scenario. You can find this on the scenarios page. This one is not another phishing-based scenario like my previous SOC simulator writeup. Phishing emails have a lot of red-flags that you can look out for. Once you know what to look for it can be fairly easy to spot. I don’t know if there will be any other phishing-based scenarios, but I’m always happy to see more content! ...

Introduction I haven’t been able to delve in to the SOC Simulators that TryHackMe offer yet. Most online learning platforms are more tailored for red-team experiences. A vulnerable VM will be spun up for you to attack and retrive flags, wahoo! The blue team side feels like it might take some more resources (I have nothing to back this claim up) and preparation. For a normal CTF you can give a vague note of ‘Get the root flag in /root/flag.txt’ and let the users go wild. They can get creative with their approach if they want. In a SOC simulation you don’t really want them getting creative. If you offer a phishing email you don’t want them to break in to the sender email (At least I hope that’s not what this room is about). I’m interested in how the SOC Simulator identifies correct answers. ...

Introduction I’ve been pretty busy lately. So today I’m just doing a very short little challenge room, The Game. There was a neat little game hacking room during the 2024 Advent of Cyber event. It was a pretty good teaching moment for memory overflows and exploitation. This is just a beginner/easy room. So it might not be as exciting, but I’m still happy to keep my streaks up and continue a bit of red-teaming. Let’s see what this challenge room entails! ...

Introduction More blue-team challenges. Hell yeah! Today I’ll be going through the Mr Phisher room from TryHackMe. Uncover the flag in the email attachment! I received a suspicious email with a very weird-looking attachment. It keeps on asking me to “enable macros”. What are those? Interesting hook. Macros are often used in phishing documents to run unintended code. Marcos are usually disabled by default because they’ve been used maliciously so often. They are useful if you have some big crazy excel sheet that runs calculations, for example. On the more malicious side of things; I’ve seen some documents that will just have an image showing some generic looking windows error message (Like the 365 error messages) saying something like “Error: Please allow Macros to access this document.”. Y’know, normal things like that (Which you should never do.). ...