SOC Simulator: Phishing

Introduction I haven’t been able to delve into the SOC Simulators that TryHackMe offer yet. Most online learning platforms are more tailored for red-team experiences. A vulnerable VM will be spun up for you to attack and retrieve flags, wahoo! The blue team side feels like it might take some more resources (I have nothing to back this claim up) and preparation. For a normal CTF you can give a vague note of ‘Get the root flag in /root/flag.txt’ and let the users go wild. They can get creative with their approach if they want. In a SOC simulation you don’t really want them getting creative. If you offer a phishing email you don’t want them to break into the sender email (At least I hope that’s not what this room is about). I’m interested in how the SOC Simulator identifies correct answers. ...

September 19, 2025 · 15 min · 2990 words · Ligniform

CTF Writeup: The Game

Introduction I’ve been pretty busy lately. So today I’m just doing a very short little challenge room, The Game. There was a neat little game hacking room during the 2024 Advent of Cyber event. It was a pretty good teaching moment for memory overflows and exploitation. This is just a beginner/easy room. So it might not be as exciting, but I’m still happy to keep my streaks up and continue a bit of red-teaming. Let’s see what this challenge room entails! ...

September 8, 2025 · 2 min · 348 words · Ligniform

CTF Writeup: Mr Phisher

Introduction More blue-team challenges. Hell yeah! Today I’ll be going through the Mr Phisher room from TryHackMe. Uncover the flag in the email attachment! I received a suspicious email with a very weird-looking attachment. It keeps on asking me to “enable macros”. What are those? Interesting hook. Macros are often used in phishing documents to run unintended code. Macros are usually disabled by default because they’ve been used maliciously so often. They are useful if you have some big crazy Excel sheet that runs calculations, for example. On the more malicious side of things, I’ve seen some documents that will just have an image showing some generic-looking Windows error message (Like the 365 error messages) saying something like “Error: Please allow Macros to access this document.”. Y’know, normal things like that (Which you should never do.). ...

August 28, 2025 · 3 min · 615 words · Ligniform

Tata’s Cybersecurity Analyst Job Simulation

Introduction Just like my last two posts, today I’ll be going through Tata’s job simulation, also available through theforage.com. Where the Mastercard simulator focused on Phishing, and the Deloitte one had a focus on network logs, this simulator is more focused on Identity and Access Management. I’ve not heard of Tata before. After a quick search I found out they’re an Indian multinational. They look like a Tesla competitor based on how their EVs look. What the company does doesn’t really matter. A phishing email is a phishing email at the end of the day. We’ll not be looking at Phishing today though (Unfortunately), time to delve into IAM. ...

August 20, 2025 · 10 min · 1934 words · Ligniform

CTF Writeup: Invite Only

Extract insight from a set of flagged artefacts, and distil the information into usable threat intelligence. Back to TryHackMe once again! This time I’ll be focusing on a Blue-Team heavy challenge room - Invite Only. I’ve been trying to target more threat-hunting and defensive challenges lately, so this should be fun! As per the description of the room above it doesn’t seem like we’ll need to be doing any red-team activities, so this should be fairly straightforward! ...

August 13, 2025 · 9 min · 1818 words · Ligniform