Building my Home Lab part 3: deploying the core infrastructure (hypervisor, firewall and router)

Let's continue with our lab upgrade project. So far, we've assembled the hardware and hopefully come up with a good enough architectural network design to get us started. Our next step will be to deploy the core infrastructure which will be made up of the hypervisor, firewall and router. For those new to the term, …

WriteUp: HackTheBox Bashed

Bashed is a Linux machine rated easy. We gain access to the user flag via basic enumeration. To get the root flag, we have to escalate privileges by taking advantage of a scheduled cron job that can run without a password being required. Table of Contents: Reconnaissance, Enumeration, User Flag, Privilege Escalation, Root Flag, Defender's Note. Reconnaissance: We start off …

My GIAC Certified Forensic Analyst (GCFA) Experience

In late January, I was offered a moderator position via the SANS Work Study Program that allowed me to attend the FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics course taught live online by instructor Mat Fuchs. This is a 6-day intensive course that culminates in a capstone challenge on day 6. Being a …

Setting up a 2-in-1 VM for Labs using Windows Subsystem Linux (WSL)

I am currently preparing a Network Fundamentals training that I'll be presenting in June, and as part of that, I need a VM that I can share with the participants, as I'll be incorporating some hands-on exercises in my presentation. Instead of setting up two different machines, I opted to use a Windows 10 VM …

DevSlop Kubernetes CTF WriteUp

As an organizer for the DevSlop Game Day, I couldn't participate in the CTF itself (bummer!), so I chose to walk through the challenges prior to the event to ensure that they are solvable and easy to comprehend. I personally had no experience with Kubernetes prior to organizing this CTF; therefore, it was a perfect …

Writeup: Advent of CTF 5 – Classic

For this challenge, we are required to bypass a login form using a powerful 'hacker tool'. Could the reference to hacker tool simply be a distraction? Again a login form stands in your way. What powerful 'hacker' tool will help you proceed? As usual, we begin by inspecting the source code via Developer tools to …

Writeup: Advent of CTF 4 – Obfuscation

The fourth challenge hints at there being something hidden. There are people who think you can hide important things by making it hard to read. The page welcomes us with the following message: Let's try inspecting the page with Developer tools. We immediately notice that JavaScript is in play here. Navigating to the Debugger section …

Writeup: Advent of CTF 3 – JavaScript

This challenge requires that we bypass the login mechanism used on https://03.adventofctf.com. Let's see what Developer tools has to offer. I tried filling in the form with username test and password test, but I see no activity in the Network tab, which is odd for HTTP(S) traffic. I went ahead and inspected the source and found a …

Writeup: Advent of CTF 2 – CookieMonster

For the 2nd challenge, we are required to bypass the login mechanism used on this webpage: https://02.adventofctf.com. This is the page we get when we navigate to the URL. I tried logging in with a random username:password, test:test. Since we are logged in as guests, we do not see the flag. Using developer tools, noted that …

Writeup: Advent of CTF 1 – The Source

We are asked to visit https://01.adventofctf.com to start the challenge. This is what we get when we navigate to the site. A password is required, which we obviously do not have yet. The page hints at finding a flag. Let's check Developer Tools. What immediately catches my eye is the encoded string YWR2ZW50X29mX2N0Zl9pc19oZXJl in the source code …