1337 Sheets

Hunting on Endpoints: Insights from OffSec TH-200 Course module 5 Section 1

In an era of increasing cyber threats, endpoint threat hunting enables proactive identification of malicious activities on devices, focusing on Indicators of Compromise (IoCs) such as network-related, file-related, and behavioral IoCs. Logs, especially enhanced by Sysmon, are vital for uncovering suspicious behavior. Modern security relies on Endpoint Detection and Response (EDR) solutions that offer deep insights and active threat response capabilities, surpassing traditional antivirus tools.

Threat Hunting With Network: Insights from OffSec TH-200 Course module 4

This write-up details the investigation of a ransomware incident involving CLIENT02, focusing on network artifacts such as IDS logs and Splunk queries to identify IoCs related to LockBit ransomware. The process involves using threat intelligence tools to analyze destination IPs and full packet captures with Wireshark, aiming to track down the origin of the attack.

Communication and Reporting for Threat Hunters: Insights from OffSec TH-200 Course module 3

In OffSec TH-200 Module 3, the importance of timely intelligence and effective communication in threat hunting is highlighted. Key concepts include leveraging Operational, Tactical, and Technical Threat Intelligence for detecting threats like Emotet, and employing the Traffic Light Protocol (TLP) for secure and controlled information sharing during incidents to prevent data breaches.

Ransomware Actors and Their Strategies: Insights from OffSec TH-200 Course module 2 section 2

Ransomware actors, motivated by financial gain, utilize tactics like phishing, exploiting vulnerabilities, and Initial Access Brokers to infect systems. The Ransomware-as-a-Service model enables lesser-skilled criminals to profit from these attacks. The attack process includes encryption, ransom demand, and payment typically in cryptocurrency. Modern strategies include double and triple extortion, combining data encryption with data theft to pressure victims.

Understanding Threat Actors: Insights from OffSec TH-200 Course module 2 section 1

In OffSec TH-200 Module 2, Section 1, key cybersecurity threat actors are explored, including cybercriminals like script kiddies, hacktivists, and ransomware groups, as well as sophisticated APTs and insider threats. Each group possesses distinct motivations and impacts on organizations, necessitating robust defense strategies.

Threat Hunting Concepts and Practices - Insights from OffSec TH-200 Course module 1

Module 1 of the OffSec TH-200 course covers threat hunting in cybersecurity, focusing on proactive detection of threats as opposed to reacting to SOC alerts. Threat hunting is categorized into in-house teams and third-party services, which enhance security by offering various detection solutions. The Threat Hunting Maturity Model outlines five levels of implementation based on the sophistication of data collection and analysis. Effective threat hunting consists of triggering a hypothesis, investigating, and resolving threats.

TryHackMe - Practical Example of OS Security Writeup

The objective of the task was to simulate hacking into a Linux system. We gained unauthorized access using the username and password found on a sticky note. We answered questions about passwords and escalated our privileges to the root account. This exercise highlighted vulnerabilities and provided practical experience in penetration testing techniques.

PicoCTF - Shark on Wire 1

The author analyzes the picoGym challenge Shark on Wire 1, which centers on Wireshark. Using display filters and tools like ChatGPT, the author explores the pcap file and identifies TCP/UDP streams. After trying different stream indices, the author discovers the flag in stream 6, which is accepted when submitted.

PicoCTF - trickster

The picoCTF 'trickster' challenge involves uploading PNG files to a web application. After successfully uploading a PNG image, the user discovers that the site validates file types based on magic bytes. Exploring the server reveals an uploads directory, prompting the user to exploit the upload functionality by editing the file's hex bytes to insert PHP web shells disguised as PNG files. The author details the steps taken to bypass the validation and discusses the PNG encoding.

PicoCTF - SOAP

The picoCTF challenge 'SOAP' focuses on exploiting an XXE vulnerability. Initial reconnaissance reveals a static interface with buttons that trigger XML-based interactions. Analysis with Burp Suite confirms the presence of XML input, which is manipulated to inject an XXE payload, successfully revealing the flag.

RogueWave Hack Tail Accessory: Embrace the Rogue Within

Introducing the RogueWave Hack Tail Accessory, the ultimate portable pentesting tool with WiFi and Bluetooth capabilities, dual power options, and seamless connectivity. Ideal for capturing packets, managing IoT devices, and executing remote operations using apps like ConnectBot and Termius. With 512 MB RAM, it supports advanced hacking tasks while blending into any environment.

Web-300 - Exam 3 - June 23 2024

The text provides connection information and instructions for two target machines. The goal is to bypass authentication and gain remote code execution. The tasks include identifying vulnerabilities, providing screenshots, and scripting exploits. Failure to follow instructions may result in zero points. The target machines are exact copies of debugging machines.

Hack The Box - Redeemer

After obtaining the box's IP address, the author conducted a comprehensive Nmap scan and discovered an open port hosting a Redis service. Interacting with the Redis server using redis-cli revealed multiple keys, including a promising 'flag' key. The value of the 'flag' key was retrieved and submitted as the root flag.

Offsec - Clue

The reconnaissance phase involved scanning the target IP address using Nmap, which revealed open ports and services. Further investigation focused on the web server and port 3000, which indicated the presence of a web application. Directory discovery techniques were used, including Dirbuster and Gobuster, which uncovered some directories with content. A remote file read exploit was found for Cassandra Web, allowing access to sensitive files. Passwords were revealed, but attempts to log in via SSH were unsuccessful. The Freeswitch service was also explored, but no successful exploits were found. Finally, using Samba, read permissions were obtained for backups, allowing access to archives of Cassandra and Freeswitch. The password for Freeswitch was obtained from a configuration file, but no further access was gained. Overall, the reconnaissance phase involved thorough scanning and exploitation of various services.

Hack The Box - Fawn

This writeup is a walkthrough of the HTB 'Starting Point' machine called 'Fawn'. The author explains how to activate the machine, scan it using Nmap to gather information, exploit a vulnerability in the FTP service to gain access, and download and submit the flag to complete the challenge.

picoCTF 2021 Solution - Wireshark twoo twooo two twoo...

Decoding and cracking flags from pcap files containing various TCP streams.

picoCTF 2021 Solution - Wireshark doo dooo do doo...

Solved a CTF challenge by analyzing a packet capture file with Wireshark, identifying a substitution cipher using quipqiup, and decrypting it with CyberChef, revealing the secret message and flag.

Hack The Box - Dancing

After spawning the machine, we obtained the IP address and ran nmap to find open ports. Port 445 was running Server Message Block (SMB). Using the smbclient -L command, we discovered four share names. We explored each share and found a text file and a flag file.

HTB CTF 2024 - Vault Of Hope - Crypto - eXciting Outpost Recon Solution


HTB CTF 2024 - Vault Of Hope - Coding - Computational Recruiting Solution
