Deloitte's Cyber Job Simulator

Introduction Riding off of the high of recently passing my SC-200 I decided to find some free, self-paced training resources while I decide what exam I’ll go for next. Having a quick look around on LinkedIn I stumbled across Deloitte’s Cyber Job Simulator. From the overview of the course: A risk-free way to experience work on the job with us at Deloitte Australia. Practise your skills with example tasks and build your confidence to ace your applications. ...

August 11, 2025 · 13 min · 2583 words · Ligniform

CTF Writeup: Brute it

The Brute it room on TryHackMe is an easy-level, brute-forcing focused room. From the amount of questions and questions it seems like a bit of a walkthrough, but that’s fine by me! Learn how to brute, hash cracking and escalate privileges in this box! Brute-forcing with hydra and cracking hashes with john are things I’ve done before. I’ve not escalated privileges all that often, so I’m excited to see how we can do this (Linpeas maybe? We’ll see!) ...

August 10, 2025 · 11 min · 2168 words · Ligniform

CTF Writeup: Corridor

The corridor room on TryHackMe is an easy-level room. As the name suggests, we’ll need to look for IDORs. This should be pretty fun! I’ve mentioned previously that I’m not the best at red-team based CTFs. I prefer the SOC analyst side of things in general, but I’m getting a lot more comfortable with these challenges. You have found yourself in a strange corridor. Can you find your way back to where you came? In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a hash, don’t they?). This could help you uncover website locations you were not expected to access. ...

August 8, 2025 · 3 min · 483 words · Ligniform

PortSwigger Academy: SQL injection for hidden data

PortSwigger has a whole ‘academy’ where you can hone your Burpsuite skills. Or in my case - Learn how to actually use BurpSuite. I’ve used Burpsuite before in a few of the CTFs I’ve done, but I’ve not really dug into how to use it properly. Those few instances were just using it to capture a request to pass off the brute-forcing to hydra or blindly hoping that it would get me a flag. Burpsuite is a very useful tool, so it’s about time I train myself specifically on it. ...

August 2, 2025 · 2 min · 367 words · Ligniform

CTF Writeup: Grep

The Grep room is an OSINT challenge from TryHackMe’s red team path. I enjoy OSINT. I think it’s fun! Before I even knew what cybersecurity was or that it was a career path, I already knew my way around a few OSINT techniques. Even though I’m more interested in Blue Team work now, I’ll always be a sucker for OSINT based CTFs. SuperSecure Corp, a fast-paced startup, is currently creating a blogging platform inviting security professionals to assess its security. The challenge involves using OSINT techniques to gather information from publicly accessible sources and exploit potential vulnerabilities in the web application. ...

July 24, 2025 · 8 min · 1552 words · Ligniform