cybersecurity
OSTH Practice Exam Write-up
Overview This is a hands-on, simulated threat hunting sprint set within the fictional enterprise network of Megacorp One. This is a relevant and similar to what you might expect from
cybersecurity
OffSec - PlanetExpress
Walkthrough for PlanetExpress Summary In this walkthrough, we will exploit an exposed PHP-FPM FastCGI implementation to gain an initial foothold. We will then escalate privileges by exploiting a misconfiguration in
HackTheBoo2024
Hack-The-Boo-2024 Practice CTF: Sugar Free Candies Write-up
Challenge Overview Challenge Name Category Difficulty Link Sugar Free Candies Crypto Very Easy Link to Challenge Description For years, strange signals pulsed through the air on the eve of October
Caesar
Hack-The-Boo-2024 Practice: Sekur Julius Writeup
Challenge Overview Challenge Name Category Difficulty Link Sekur Julius Crypto Very Easy Link to Challenge Description Hidden deep in the forest was an ancient scroll, rumored to grant immense power
malware detection
OffSec Module: Malware Detection using Machine Learning
Co-authored by Iftekharul Haque (Hawk) Here, we first choose what kind of machine learning model we want to use in this process. As anyone with some little machine learning model
endpoint security
Hunting on Endpoints: Insights from OffSec TH-200 Course module 5 Section 1
In today’s world, our workstations, servers, and mobile devices are more vulnerable than ever. They are prime targets for cybercriminals looking to execute malicious code and infiltrate networks. With
ransomware
Threat Hunting With Network: Insights from OffSec TH-200 Course module 4
In this write-up, we will explore how to effectively hunt for ransomware from a network perspective, focusing on identifying Indicators of Compromise (IoCs) related to LockBit ransomware. The scenario in
threat
Communication and Reporting for Threat Hunters: Insights from OffSec TH-200 Course module 3
In today’s complex cybersecurity landscape, no organization can afford to work in isolation. For threat hunters, success hinges on two key factors: timely intelligence and effective communication. In Module
web
PicoCTF - trickster
This is a challenge from picoCTF titled 'trickster' from web exploitation category. It's needless to say that this one is a little trickier as the name
ransomware
Ransomware Actors and Their Strategies: Insights from OffSec TH-200 Course module 2 section 2
Continuing from my OffSec TH-200 journey… In cybersecurity, ransomware remains one of the most dangerous threats facing organizations today. Ransomware attacks have evolved over the years, and attackers have become
threat actors
Understanding Threat Actors: Insights from OffSec TH-200 Course module 2 section 1
As I continue my journey through the OffSec TH-200 course, I’ve now reached Module 2, Section 1, which delves into some critical areas of cybersecurity: threat actors, ransomware groups,
threat
Threat Hunting Concepts and Practices - Insights from OffSec TH-200 Course module 1
As cybersecurity threats evolve and become increasingly sophisticated, organizations must adopt proactive measures to safeguard their networks. I’ve recently started the new OffSec TH-200 course, and I could finish
Linux
TryHackMe - Practical Example of OS Security Writeup
In this task, we will try to hack into a Linux system. You can find the task here In this task on TryHackMe, the objective was to simulate a real-world
picogym
PicoCTF - Shark on Wire 1
This is a challenge from picogym called Shark on Wire 1. The name suggests it's related to Wireshark. You can find the challenge here The challenge gave us
XXE
PicoCTF - SOAP
This challenge, titled 'SOAP,' from the web exploitation category on picoCTF, appears to center around an XXE (XML External Entity) vulnerability, as suggested by the associated tags. Upon
