CTF Writeup: Phishing Email

Your email address has been leaked and you receive an email from Paypal in German. Try to analyze the suspicious email. Another LetsDefend challenge, this time focusing on Phishing emails! I’ve looked at phishing emails a lot at work. I’ve heard and read about SOC Burnout and… I’ll be honest, I’ve never really felt it. Part of what excites me in a SOC role is piecing together the story of an attack. The investigation side of SOC work scratches an itch for me. Maybe it comes from all the mystery novels I read as a kid, but putting together all the pieces of an attack and defining a clear story makes me happy. ...

November 23, 2025 · 7 min · 1433 words · Ligniform

CTF Writeup: PowerShell Keylogger

You are a malware analyst investigating a suspected PowerShell malware sample. The malware is designed to establish a connection with a remote server, execute various commands, and potentially exfiltrate data. Your goal is to analyze the malware’s functionality and determine its capabilities. I’ve not used LetsDefend before. A few years ago I looked at the various infosec learning platforms and decided to settle on TryHackMe. In my recent posts I’ve branched out to CyberDefenders, and today I’ll be trying out the PowerShell Keylogger challenge. ...

November 20, 2025 · 15 min · 3153 words · Ligniform

CTF Writeup: PoisonedCredentials Lab

Analyze network traffic for LLMNR/NBT-NS poisoning attacks using Wireshark to identify the rogue machine, compromised accounts, and affected systems. When I first saw this lab and the description I was a little confused about what LLMNR and NBT-NS poisoning attacks were. I’m familiar with poisoning attacks like ARP and DNS, but the LLMNR and NBT-NS protocols didn’t ring a bell for me. A lot of cybersecurity is research and understanding concepts, so I was happy to jump into this lab from CyberDefenders and learn something new. ...

November 15, 2025 · 6 min · 1156 words · Ligniform

CTF Writeup: L'Espion Lab

Investigate an insider threat by analyzing GitHub repositories for exposed credentials, using OSINT tools to correlate online accounts, and performing image analysis to identify locations. Unlike in any of my previous write-ups, this time I completed the entire lab before sitting down to write this. I think it’s important to keep the flow of how I answered all the questions, including any mistakes or rabbit-holes. With an OSINT focused room like this one it’s very easy to find false-positives and go on a deep dive on profiles that aren’t related at all to the target. ...

November 5, 2025 · 12 min · 2508 words · Ligniform

CTF Writeup: Yellow RAT

Analyze malware artifacts using threat intelligence platforms like VirusTotal to identify IOCs, C2 servers, and understand adversary tactics. Back again for another CyberDefenders lab. This time, the Yellow RAT Lab. My previous writeup had a similar premise to this lab: analyze a malware sample and identify the TTPs, IOCs, and anything else that can potentially be used to build detection rules or map out the adversary further. Let’s get into it! Scenario: Here’s the introductory text we get for this lab: ...

October 30, 2025 · 10 min · 1929 words · Ligniform