My GIAC Certified Forensic Analyst (GCFA) Experience

In late January, I was offered a moderator position via the SANS Work Study Program that allowed me to attend the FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics course taught live online by instructor Mat Fuchs. This is a 6-day intensive course that culminates in a capstone challenge on day 6. Being a …

Setting up a 2-in-1 VM for Labs using Windows Subsystem Linux (WSL)

I am currently preparing a Network Fundamentals training that I'll be presenting in June and as part of that, I need a VM that I can share with the participants as I'll be incorporating some hands-on exercises in my presentation. Instead of setting up two different machines, I opted to use a Windows 10 VM …

DevSlop Kubernetes CTF WriteUp

As an organizer for the DevSlop Game Day, I couldn't participate in the CTF itself (bummer!) so I chose to walk through the challenges prior to the event to ensure that they are solvable and easy to comprehend. I personally had no experience with Kubernetes prior to organizing this CTF, therefore, it was a perfect …

Writeup: Advent of CTF 5 – Classic

For this challenge, we are required to bypass a login form using a powerful 'hacker tool'. Could the reference to a hacker tool simply be a distraction? Again a login form stands in your way. What powerful 'hacker' tool will help you proceed? As usual, we begin by inspecting the source code via Developer tools to …

Writeup: Advent of CTF 4 – Obfuscation

The fourth challenge hints at there being something hidden: There are people who think you can hide important things by making it hard to read. The page welcomes us with the following message: Let's try inspecting the page with Developer tools. We immediately notice that JavaScript is in play here. Navigating to the Debugger section …

Writeup: Advent of CTF 3 – JavaScript

This challenge requires that we bypass the login mechanism used on https://03.adventofctf.com. Let's see what Developer tools has to offer. I tried filling in the form with username test and password test, but I see no activity in the Network tab, which is odd for HTTP(S) traffic. I went ahead and inspected the source and found a …