CTF

Introduction I haven’t been able to delve in to the SOC Simulators that TryHackMe offer yet. Most online learning platforms are more tailored for red-team experiences. A vulnerable VM will be spun up for you to attack and retrive flags, wahoo! The blue team side feels like it might take some more resources (I have nothing to back this claim up) and preparation. For a normal CTF you can give a vague note of ‘Get the root flag in /root/flag.txt’ and let the users go wild. They can get creative with their approach if they want. In a SOC simulation you don’t really want them getting creative. If you offer a phishing email you don’t want them to break in to the sender email (At least I hope that’s not what this room is about). I’m interested in how the SOC Simulator identifies correct answers. ...

Introduction I’ve been pretty busy lately. So today I’m just doing a very short little challenge room, The Game. There was a neat little game hacking room during the 2024 Advent of Cyber event. It was a pretty good teaching moment for memory overflows and exploitation. This is just a beginner/easy room. So it might not be as exciting, but I’m still happy to keep my streaks up and continue a bit of red-teaming. Let’s see what this challenge room entails! ...

Introduction Riding off of the high of recently passing my SC-200 I decided to find some free, self-paced training resources while I decide what exam I’ll go for next. Having a quick look around on LinkedIn I stumbled across Deloitte’s Cyber Job Simulator. From the overview of the course: A risk-free way to experience work on the job with us at Deloitte Australia. Practise your skills with example tasks and build your confidence to ace your applications. ...

The Brute it room on TryHackMe is an easy-level, brute-forcing focused room. From the amount of questions and questions it seems like a bit of a walkthrough, but that’s fine by me! Learn how to brute, hash cracking and escalate privileges in this box! Brute-forcing with hydra and cracking hashes with john are things I’ve done before. I’ve not escalated privileges all that often, so I’m excited to see how we can do this (Linpeas maybe? We’ll see!) ...

The corridor room on TryHackMe is an easy-level room. As the name suggests, we’ll need to look for IDORs. This should be pretty fun! I’ve mentioned previously that I’m not the best at red-team based CTFs. I prefer the SOC analyst side of things in general, but I’m getting a lot more comfortable with these challenges. You have found yourself in a strange corridor. Can you find your way back to where you came? In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a hash, don’t they?). This could help you uncover website locations you were not expected to access. ...