CTF Writeup: Kenobi

TryHackMe’s ‘Kenobi’ room is a fairly straightforward room as part of the Offensive Pentesting pathway. This room will cover accessing a Samba share, manipulating a vulnerable version of proftpd to gain initial access and escalate your privileges to root via an SUID binary. The room is a walkthrough so it should be fairly straightforward. I’m excited to dive in!

Task 1 - Deploy the vulnerable machine

Deploying the room is easy. TryHackMe will spin up the vulnerable room which we can connect to using the web-based attack-box, or through an OpenVPN connection. I like using the OpenVPN connection through my Kali Linux VM, but at the time of writing this isn’t available to me. Web-Based AttackBox time! ...

July 3, 2025 · 7 min · 1405 words · Ligniform

CTF Writeup: Brains

I’m still on my CTF grind. I’m still on the TryHackMe platform for this one. Today I’ll be doing the brains room. This is another Red Team room. Usually I like doing Blue Team exercises, but CTF events for them are few and far between. So while I wait for more to pop up, why not do this room! It has a Red and Blue task, so it’s a bit of a Purple Team challenge. Cool! ...

April 18, 2025 · 6 min · 1262 words · Ligniform

CTF Writeup: MS Sentinel: Just Looking

Another Blue Team CTF, yay! I’ve been studying hard on TryHackMe lately. Gamifying learning is always going to draw me in better than being handed some documentation. As soon as I saw the name of this room I was excited. I use Sentinel every day, this should be easy! Link to the room found here!

Task 1

This is the first time I’ve seen an Azure/Sentinel instance deployed specifically for a TryHackMe room. It’s great to see this! Sentinel is a pretty widely used SIEM, and any sort of hands-on experience is good to see. ...

April 15, 2025 · 9 min · 1764 words · Ligniform

CTF Writeup: Snort Challenge - Live Attacks

First post of 2025. Only three months late, oops! Blue Team activities don’t often get any CTFs. It’s a lot more fun to exploit some fun vulnerability and get root access than sort through countless logs. However! I’ve been meaning to go back to the blue team focused tools. On the CTFs I’ve done I felt a lot more comfortable doing blue team things than I have with anything else. I’m still not sure what I want to specialize in, but analysis is my jam at the moment. ...

March 16, 2025 · 17 min · 3428 words · Ligniform

CTF Writeup: Fowsniff

CTF Time! This time I’m trying out TryHackMe’s Fowsniff CTF. I’m going into this blind with no prior knowledge, so expect some detours and dead-ends. I’m also going to be censoring any flags/passwords/hashes out.

Room overview

This boot2root machine is brilliant for new starters. You will have to enumerate this machine by finding open ports, do some online research (it’s amazing how much information Google can find for you), decoding hashes, brute forcing a pop3 login and much more! ...

November 3, 2024 · 14 min · 2821 words · Ligniform