CTF Writeup: Oski Lab

Back to CyberDefenders again today. This time doing the Oski lab. From the looks of things this is more of a malware-analysis type lab. Here’s the description: Analyze a sandbox report using Any.Run to identify Stealc malware behavior, extract configuration details, and map observed tactics to MITRE ATT&CK. Let’s take a look at the scenario further! Introduction The accountant at the company received an email titled “Urgent New Order” from a client late in the afternoon. When he attempted to access the attached invoice, he discovered it contained false order information. Subsequently, the SIEM solution generated an alert regarding downloading a potentially malicious file. Upon initial investigation, it was found that the PPT file might be responsible for this download. Could you please conduct a detailed examination of this file? ...

October 26, 2025 · 7 min · 1481 words · Ligniform

CTF Writeup: The Phishing Pond

Catch the phish before the phish catches you. Introduction Back to a brand new (at the time of writing) TryHackMe room. There’s been a trend of phishing-related challenges lately on this blog. Being able to recognize phishing emails, and analyze the process of what happens when a phishing link is clicked is an important tool to have as an analyst. This challenge room is Easy. The information given is rather introductory as well, which is nice to see if you’re still starting out using THM. ...

October 21, 2025 · 12 min · 2483 words · Ligniform

CTF Writeup: WebStrike

I’m switching gears a bit and hopping over to CyberDefenders today. I’ve not yet used it, and to be honest with you I hadn’t even heard of CyberDefenders before. I think this is more on my part though. The two well-known platforms, being TryHackMe and HackTheBox, are the only ones I had heard of. TryHackMe has been a great experience so far, I’ll still be using it daily (and posting write-ups for the rooms), but I’ll definitely be checking out CyberDefenders’ content from here on. Hands-on blue team experience is something I’ve been focusing on lately, so stay tuned for more! ...

October 13, 2025 · 10 min · 2044 words · Ligniform

CTF Writeup: Confidential

We got our hands on a confidential case file from some self-declared “black hat hackers”… it looks like they have a secret invite code. Exciting introduction. Continuing on my recent binge of blue-team focused rooms, I’ll be doing the Confidential room today. From the looks of it this seems to be a very easy room. No need to get root access or run any nmap scans. In fact we don’t need to use any security-specific tools at all! ...

October 5, 2025 · 2 min · 383 words · Ligniform

Huntress CTF: Warmups

Happy CyberSecurity Awareness Month! I wasn’t able to partake in Huntress’ CTF event last year, but I’m pretty committed to trying it out this year. I have pretty busy work days but I’ll do my best to document each day I work on this. In saying that, there’s no guarantee that I’ll be completing every single challenge. This is just me pretexting why this series of posts will stop after a few days when I get too confused to continue (That’s a joke, I hope). 👶 Cover All Your Bases The prompt we get given for today’s challenge is as follows: ...

October 1, 2025 · 9 min · 1897 words · Ligniform