WriteUp: HackTheBox Devel

This is my second box in HackTheBox. There are probably a couple of different ways to exploit this but I went with the FTP path as FTP is known to be vulnerable. Maybe later in time, I will come back and try to exploit it using HTTP (if at all possible). We first exploit a … Continue reading WriteUp: HackTheBox Devel →

WriteUp: HackTheBox Blue

Getting back on HTB. Last time, I had to shift focus after 1 or 2 boxes and did not even have a writeup for them. Let's see how long I'll last this time round :). I'm basically starting from scratch now so let's just say, this is my very first box in my list of … Continue reading WriteUp: HackTheBox Blue →

My GIAC Certified Forensic Analyst (GCFA) Experience

In late January, I was offered a moderator position via SANS Work Study Program that allowed me to attend the FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics course taught live online by instructor Mat Fuchs. This is a 6 day intensive course that cumulates in a capstone challenge on day 6. Being a … Continue reading My GIAC Certified Forensic Analyst (GCFA) Experience →

Building my Home Lab part 1: Hardware

I finally decided it was time to setup a proper home lab for threat research / hunting and tool exploration instead of using virtual options on my computer or in AWS that I have to tear down ever so often due to cost. I must say that I'm not an expert when it comes to … Continue reading Building my Home Lab part 1: Hardware →

Setting up a 2-in-1 VM for Labs using Windows Subsystem Linux (WSL)

I am currently preparing a Network Fundamentals training that I'll be presenting in June and as part of that, I need a VM that I can share with the participants as I'll be incorporating some hands-on exercises in my presentation. Instead of setting up two different machines, I opted to use a Windows 10 VM … Continue reading Setting up a 2-in-1 VM for Labs using Windows Subsystem Linux (WSL) →

DevSlop Kubernetes CTF WriteUp

As an organizer for the DevSlop Game Day, I couldn't participate in the CTF itself (bummer!) so I chose to walk through the challenges prior to the event to ensure that they are solvable and easy to comprehend. I personally had no experience with Kubernetes prior to organizing this CTF, therefore, it was a perfect … Continue reading DevSlop Kubernetes CTF WriteUp →

KringleCon 3: French Hens Writeup

January 2020 was the first time I learnt about SANS Holiday Hack Challenge - yes, it took 10 years of its' existence for the news to reach me via snail mail! Anyway, I was just two days away from the writeup deadline for Yr.2019 KringleCon2 so I did not have much time to participate and … Continue reading KringleCon 3: French Hens Writeup →

Year 2020 in Book Review

At the start of 2020, I decided to adopt reading as a habit. I opted to start small and set a target to read at least 12 books by the end of the year. I'm glad that I exceeded this target by finishing 18 books in total. Whereas my pIan was to actually read the … Continue reading Year 2020 in Book Review →

Writeup: Advent of CTF 5 – Classic

For this challenge, we are required to bypass a login form using a powerful 'hacker tool'. Could the reference to hacker tool simply be a distraction? Again a login form stands in your way. What powerful 'hacker' tool will help you proceed? As usual, we begin by inspecting the source code via Developer tools to … Continue reading Writeup: Advent of CTF 5 – Classic →

Writeup: Advent of CTF 4 – Obfuscation

The fourth challenge hints on there being something hidden There are people who think you can hide important things by making it hard to read. The page welcomes us with the following message: Let's try inspect the page with Developer tools. We immediately notice that JavaScript is in play here. Navigating to the Debugger section … Continue reading Writeup: Advent of CTF 4 – Obfuscation →