Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Room Link: https://tryhackme.com/r/room/threathuntingendgame Task 1 Introduction Threat Hunting: Endgame In this room, you will learn how to implement the threat hunting process to hunt malicious activities performed in the “Actions on Objectives” phase of the “Cyber Kill Chain”. You will also experience the hunting process of commonly used MITRE ATT&CK techniques under the collection, exfiltration and impact tactics.…
Task 1 Introduction Is your organisation’s network robust enough to spot lateral movements of adversaries within your systems? Can you detect unusual network activities or illicit privilege escalation that could indicate a pivot attack? Can you use network telemetry and analytics to identify abnormal behaviour and halt lateral movement before it wreaks havoc? These are essential…
Task 1 Introduction Are your organisation’s defences robust enough to detect intrusion attempts by adversaries? Are you equipped to hunt for covert signs of intrusion, even when the threat actors have only just breached your perimeters? Can you use high-quality data and advanced analytics to identify abnormal behaviour and stop attacks before they escalate? These are…
Room Link: https://tryhackme.com/room/malbuster Task 1 Introduction This room aims to be a practice room for Dissecting PE Headers and Static Analysis 1. In this scenario, you will act as one of the Reverse Engineers that will analyse malware samples based on the detections reported by your SOC team. Prerequisites This room requires basic knowledge of Malware…
Task 1 Investigating Windows This is a challenge that is exactly what it says on the tin: there are a few challenges around investigating a Windows machine that has been previously compromised. Connect to the machine using RDP. The credentials for the machine are as follows: Username: Administrator Password: letmein123! Please note that this machine does not respond to…
Task 1 Introduction This room will cover all of the basics of attacking Kerberos, the Windows ticket-granting service; we’ll cover the following: This room will be related to very real-world applications and will most likely not help with any CTFs; however, it will give you great starting knowledge of how to escalate your privileges to a domain admin…
This room challenged me to analyze the tactics, techniques, and procedures (TTPs) of a sophisticated threat actor known as Boogeyman. The complex hands-on exercise walks through tracing the full attack chain, from the CEO falling prey to a phishing email, to weaponized payload execution, credential theft, lateral traversal and attempted ransomware deployment. Room link: https://tryhackme.com/room/boogeyman3…
Task 1 Introduction After having a severe attack from the Boogeyman, Quick Logistics LLC improved its security defences. However, the Boogeyman returns with new and improved tactics, techniques and procedures. In this room, you will be tasked to analyse the new tactics, techniques, and procedures (TTPs) of the threat group named Boogeyman. Prerequisites This room may…
The room provided a phishing email, endpoint logs, and network traffic to analyze. By studying email headers, parsing JSON logs with JQ, and reconstructing events from packet captures, I uncovered how the threat actor gained initial access, enumerated the host, exfiltrated data, and maintained persistence. Key learning included inspecting encoded payloads, tracking command execution in…
In this blog, I’ll be documenting my experience with the Disk Analysis & Autopsy room on TryHackMe, which challenged me to leverage disk artifacts to unravel an attack narrative. Room Link: https://tryhackme.com/room/autopsy2ze0 Task 1 Windows 10 Disk Image In the attached VM, there is an Autopsy case file and its corresponding disk image. After loading the .aut file, make…