Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Room Link: https://tryhackme.com/r/room/threathuntingendgame Task 1 Introduction Threat Hunting: Endgame In this room, you will learn how to apply the threat hunting process to hunt for malicious activities performed in the “Actions on Objectives” phase of the “Cyber Kill Chain”. You will also work through the hunting process for commonly used MITRE ATT&CK techniques under the Collection, Exfiltration and Impact tactics…
Task 1 Introduction Is your organisation’s network robust enough to spot lateral movements of adversaries within your systems? Can you detect unusual network activities or illicit privilege escalation that could indicate a pivot attack? Can you use network telemetry and analytics to identify abnormal behaviour and halt lateral movement before it wreaks havoc? These are essential…
Task 1 Introduction Are your organisation’s defences robust enough to detect intrusion attempts by adversaries? Are you equipped to hunt for covert signs of intrusion, even when the threat actors have only just breached your perimeters? Can you use high-quality data and advanced analytics to identify abnormal behaviour and stop attacks before they escalate? These are…
Room Link: https://tryhackme.com/room/malbuster Task 1 Introduction This room aims to be a practice room for Dissecting PE Headers and Static Analysis 1. In this scenario, you will act as one of the Reverse Engineers that will analyse malware samples based on the detections reported by your SOC team. Prerequisites This room requires basic knowledge of Malware…
Task 1 Introduction This room will cover all of the basics of attacking Kerberos, the Windows ticket-granting service; we’ll cover the following: This room relates to very real-world applications and will most likely not help with any CTFs; however, it will give you a solid starting knowledge of how to escalate your privileges to a domain admin…
This room challenged me to analyze the tactics, techniques, and procedures (TTPs) of a sophisticated threat actor known as Boogeyman. The complex hands-on exercise walks through tracing the full attack chain, from the CEO falling prey to a phishing email, to weaponized payload execution, credential theft, lateral traversal and attempted ransomware deployment. Room link: https://tryhackme.com/room/boogeyman3…
Task 1 Introduction After having a severe attack from the Boogeyman, Quick Logistics LLC improved its security defences. However, the Boogeyman returns with new and improved tactics, techniques and procedures. In this room, you will be tasked to analyse the new tactics, techniques, and procedures (TTPs) of the threat group named Boogeyman. Prerequisites This room may…
In this blog, I’ll be documenting my experience with the Disk Analysis & Autopsy room on TryHackMe, which challenged me to leverage disk artifacts to unravel an attack narrative. Room Link: https://tryhackme.com/room/autopsy2ze0 Task 1 Windows 10 Disk Image In the attached VM, there is an Autopsy case file and its corresponding disk image. After loading the .aut file, make…
Investigating the Compromised Endpoint Scenario: One of the employees at Lockman Group called the IT department; the user is frustrated and mentions that all of his files have been renamed with a strange file extension that he has never seen before. After looking at the user’s workstation, the IT technician already knew what was…
In this post, I’ll be working through a suspicious process execution exercise from TryHackMe to practice investigating event logs in Splunk. In this exercise, I’m given Windows event logs from an infected host to analyse. By filtering events in Splunk and extracting key data points, I discover anomalies and uncover the attacker’s activities. Task 1 Introduction…