
2022

THM - Advent of Cyber 2022 - Day 13


Difficulty: ⭐
Challenge Link
OS: Linux

After receiving the phishing email on Day 6 and investigating malware on Day 12, it seemed everything was ready to go back to normal. However, monitoring systems started to show suspicious traffic patterns just before closing the case. Now Santa's SOC team needs help in analysing these suspicious network patterns.

Learning Objectives

  • Learn what traffic analysis is and why it still matters.
  • Learn the fundamentals of traffic analysis.
  • Learn the essential Wireshark features used in case investigation.
  • Learn how to assess the patterns and identify anomalies on the network.
  • Learn to use additional tools to identify malicious addresses and conduct further analysis.
  • Help the Elf team investigate suspicious traffic patterns.

THM - Advent of Cyber 2022 - Day 12


Difficulty: ⭐⭐
Challenge Link
OS: Linux

The malicious document attached to the phishing email was confirmed to have been executed. Aside from the fact that rogue connections were observed, we know little about what it does.

Our in-house expert Forensic McBlue confirmed that the malicious document spawned another suspicious binary. Pivoting from that, he dumped it from memory for this task to be further analysed via Malware Analysis.

Learning Objectives

  • Learn the fundamentals of analysing malware samples without relying on automated sandbox scanners.
  • Learn and understand typical malware behaviour and its importance in the incident investigation pipeline.

THM - Advent of Cyber 2022 - Day 11


Difficulty: ⭐
Challenge Link
OS: Linux/Windows

This challenge is focused on doing Memory Forensics.

To access the memory dump, you will need to deploy the machine attached to this task by pressing the green "Start Machine" button located at the top-right of this task. The machine should launch in a split-screen view. If it does not, you will need to press the blue "Show Split Screen" button near the top-right of this page.

Volatility and the memory file (named workstation.vmem) are located in /home/elfmcblue/volatility3.

THM - Lazy Admin

░█░░░█▀█░▀▀█░█░█░░░█▀█░█▀▄░█▄█░▀█▀░█▀█
░█░░░█▀█░▄▀░░░█░░░░█▀█░█░█░█░█░░█░░█░█
░▀▀▀░▀░▀░▀▀▀░░▀░░░░▀░▀░▀▀░░▀░▀░▀▀▀░▀░▀
"Don't we just love those lazy admins!"

Difficulty: ⭐⭐
Direct link: Module Link

Background

     This is going to be a quick walkthrough and brain dump of my experience going through THM LazyAdmin. I am not above using hints. This is all a growing and learning experience for me. This was one of the suggested boxes for Capstone in TCM Security's Linux Privesc Course.

HackTheBox Academy Review

░█░█░▀█▀░█▀▄░░░█▀█░█▀▀░█▀█░█▀▄░█▀▀░█▄█░█░█░░░█▀▄░█▀▀░█░█░▀█▀░█▀▀░█░█
░█▀█░░█░░█▀▄░░░█▀█░█░░░█▀█░█░█░█▀▀░█░█░░█░░░░█▀▄░█▀▀░▀▄▀░░█░░█▀▀░█▄█
░▀░▀░░▀░░▀▀░░░░▀░▀░▀▀▀░▀░▀░▀▀░░▀▀▀░▀░▀░░▀░░░░▀░▀░▀▀▀░░▀░░▀▀▀░▀▀▀░▀░▀
"Initial Review of HTB Academy"

     Over the past month or two I've been using HackTheBox Academy to earn my CPEs for CISSP. It's been quite enjoyable. I really enjoy the layout of their modules. Some could use some work, but it's a newer platform. Some modules take some time. Currently, the answers to everything are not plastered everywhere like THM. Though, I really enjoy the documentation with each module. They touch on learning styles a lot.
     I really value the end of each module where they have an easy, medium, and hard hands-on assessment where you have to identify specific things. They could touch on things from previous sections of the course or, in some instances, previous modules, and they expect you to build on each module. I actually enjoy reading their modules, whereas usually I don't even read that in-depth.
     I've made it through half of the Penetration Tester Pathway. It also does not have a plastered rank system and harps on learning versus boasting a rank. I value the ability to learn. I can bounce over to the HTB Platform and own a few boxes there if I want to earn ranks and whatnot. Though some people value that, I just like the content. I still use both platforms because they are cheap enough and it's nice to not have all your eggs in one basket.

Kubernetes Adventures

░█░█░█░█░█▀▄░█▀▀░█▀▄░█▀█░█▀▀░▀█▀░█▀▀░█▀▀░░░█▀█░█▀▄░█░█░█▀▀░█▀█░▀█▀░█░█░█▀▄░█▀▀░█▀▀
░█▀▄░█░█░█▀▄░█▀▀░█▀▄░█░█░█▀▀░░█░░█▀▀░▀▀█░░░█▀█░█░█░▀▄▀░█▀▀░█░█░░█░░█░█░█▀▄░█▀▀░▀▀█
░▀░▀░▀▀▀░▀▀░░▀▀▀░▀░▀░▀░▀░▀▀▀░░▀░░▀▀▀░▀▀▀░░░▀░▀░▀▀░░░▀░░▀▀▀░▀░▀░░▀░░▀▀▀░▀░▀░▀▀▀░▀▀▀

"A Quick Walkthrough on a local setup of a K3s Cluster"

Background

     I was tasked with getting a local replica of my environment set up to learn and develop locally. I am running a Windows 10 Pro PC with an Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz, 3601 MHz, 8 Core(s), 16 Logical Processor(s) and 64 GB of RAM.

Difficulty:

Prerequisites:

  • Choco
  • Hyper-V (https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v)
  • Alternate (VirtualBox)

Random Python Scripts

░█▀▄░█▀█░█▀█░█▀▄░█▀█░█▄█░░░█▀█░█░█░▀█▀░█░█░█▀█░█▀█░░░█▀▀░█▀▀░█▀▄░▀█▀░█▀█░▀█▀░█▀▀
░█▀▄░█▀█░█░█░█░█░█░█░█░█░░░█▀▀░░█░░░█░░█▀█░█░█░█░█░░░▀▀█░█░░░█▀▄░░█░░█▀▀░░█░░▀▀█
░▀░▀░▀░▀░▀░▀░▀▀░░▀▀▀░▀░▀░░░▀░░░░▀░░░▀░░▀░▀░▀▀▀░▀░▀░░░▀▀▀░▀▀▀░▀░▀░▀▀▀░▀░░░░▀░░▀▀▀
"Just a Couple of Oddly Built Python Scripts"

     I had to piece together some old data from some of my various Python projects. I came across this gem. A few years ago I had to put together a Python script that could do some basic arithmetic. Much like every aspiring student or even professional developer, I most likely "acquired" some of this code from lovely sources.

Difficulty:

Warning

Use the below code at your own risk.

## Charles Goodling
## PowerCalc.py
## 04-16-17
## Assignment 7

## This program will ask a user for two inputs. The first input will be the base number and the second
## will be the exponent or power the user would like the calculator to solve. This calculator works
## for negative and positive bases and powers.
## For example, the user inputs 2 for Base and 2 for Power. The calculator outputs 4.

## I tried to make sure I covered all possible inputs and answers. I like to code and it makes things
## more challenging to do more than requested. So I apologize if I went above the requirements.