WriteUp: HackTheBox Bashed

Bashed is a Linux machine rated easy. We gain access to the user flag via basic enumeration. To get the root flag, we have to escalate privileges by taking advantage of a scheduled cron job that can run without a password being required. Table of Contents ReconnaissanceEnumerationUser FlagPrivilege EscalationRoot FlagDefender's Note Reconnaissance We start off … Continue reading WriteUp: HackTheBox Bashed

My GIAC Certified Forensic Analyst (GCFA) Experience

In late January, I was offered a moderator position via SANS Work Study Program that allowed me to attend the FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics course taught live online by instructor Mat Fuchs. This is a 6 day intensive course that cumulates in a capstone challenge on day 6. Being a … Continue reading My GIAC Certified Forensic Analyst (GCFA) Experience

Writeup: Advent of CTF 5 – Classic

For this challenge, we are required to bypass a login form using a powerful 'hacker tool'. Could the reference to hacker tool simply be a distraction? Again a login form stands in your way. What powerful 'hacker' tool will help you proceed? As usual, we begin by inspecting the source code via Developer tools to … Continue reading Writeup: Advent of CTF 5 – Classic

Writeup: Advent of CTF 4 – Obfuscation

The fourth challenge hints on there being something hidden There are people who think you can hide important things by making it hard to read. The page welcomes us with the following message: Let's try inspect the page with Developer tools. We immediately notice that JavaScript is in play here. Navigating to the Debugger section … Continue reading Writeup: Advent of CTF 4 – Obfuscation

Writeup: Advent of CTF 3 – JavaScript

This challenge requires that we bypass the login mechanism used on https://03.adventofctf.com. Let's see what Developer tools has to offer. I tried filling in the form with username test password test but I see no activity in Network tab which is odd for HTTP(s) traffic. I went ahead and inspected the source and found a … Continue reading Writeup: Advent of CTF 3 – JavaScript

Writeup: Advent of CTF 2 – CookieMonster

For the 2nd challenge we are required to bypass the login mechanism used on this webpage https://02.adventofctf.com. This is the page we get when we navigate to the URL. I tried logging in with a random username:password test:test. Since we are logged in as guests, we do not see the flag. Using developer tools, noted that … Continue reading Writeup: Advent of CTF 2 – CookieMonster

Writeup: Advent of CTF 1 – The Source

We are asked to visit https://01.adventofctf.com to start the challenge. This is what we get when we navigate to the site. A password is required, which we obviously do not have yet. The page hints on finding a flag. Let's check Developer Tools. What immediately catches my eye is the encoded string YWR2ZW50X29mX2N0Zl9pc19oZXJl in the source code … Continue reading Writeup: Advent of CTF 1 – The Source

Setting up an IPSec VPN using Cisco Packet Tracer

This week was a rather intense one. I offered to be a volunteer trainer for a Network Security Bootcamp whose aim was to provide practical experience to new graduates and prepare them for a job in the Network Security field. At the end of the course, the students are expected to pass several exams among … Continue reading Setting up an IPSec VPN using Cisco Packet Tracer