CTF Writeup: Mr Phisher

Introduction More blue-team challenges. Hell yeah! Today I’ll be going through the Mr Phisher room from TryHackMe. Uncover the flag in the email attachment! I received a suspicious email with a very weird-looking attachment. It keeps on asking me to “enable macros”. What are those? Interesting hook. Macros are often used in phishing documents to run unintended code. Macros are usually disabled by default because they’ve been used maliciously so often. They are useful if you have some big crazy Excel sheet that runs calculations, for example. On the more malicious side of things, I’ve seen some documents that will just have an image showing some generic-looking Windows error message (like the 365 error messages) saying something like “Error: Please allow Macros to access this document.” Y’know, normal things like that (which you should never do). ...

August 28, 2025 · 3 min · 615 words · Ligniform

CTF Writeup: Invite Only

Extract insight from a set of flagged artefacts, and distil the information into usable threat intelligence. Back to TryHackMe once again! This time I’ll be focusing on a Blue-Team heavy challenge room - Invite Only. I’ve been trying to target more threat-hunting and defensive challenges lately, so this should be fun! As per the description of the room above it doesn’t seem like we’ll need to be doing any red-team activities, so this should be fairly straightforward! ...

August 13, 2025 · 9 min · 1818 words · Ligniform

CTF Writeup: Brute it

The Brute it room on TryHackMe is an easy-level, brute-forcing focused room. From the amount of questions it seems like a bit of a walkthrough, but that’s fine by me! Learn how to brute, hash cracking and escalate privileges in this box! Brute-forcing with hydra and cracking hashes with john are things I’ve done before. I’ve not escalated privileges all that often, so I’m excited to see how we can do this (LinPEAS maybe? We’ll see!) ...

August 10, 2025 · 11 min · 2168 words · Ligniform

CTF Writeup: Corridor

The Corridor room on TryHackMe is an easy-level room. As the name suggests, we’ll need to look for IDORs. This should be pretty fun! I’ve mentioned previously that I’m not the best at red-team based CTFs. I prefer the SOC analyst side of things in general, but I’m getting a lot more comfortable with these challenges. You have found yourself in a strange corridor. Can you find your way back to where you came? In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a hash, don’t they?). This could help you uncover website locations you were not expected to access. ...

August 8, 2025 · 3 min · 483 words · Ligniform

CTF Writeup: Grep

The Grep room is an OSINT challenge from TryHackMe’s red team path. I enjoy OSINT. I think it’s fun! Before I even knew what cybersecurity was or that it was a career path, I already knew my way around a few OSINT techniques. Even though I’m more interested in Blue Team work now, I’ll always be a sucker for OSINT based CTFs. SuperSecure Corp, a fast-paced startup, is currently creating a blogging platform inviting security professionals to assess its security. The challenge involves using OSINT techniques to gather information from publicly accessible sources and exploit potential vulnerabilities in the web application. ...

July 24, 2025 · 8 min · 1552 words · Ligniform