capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 18 – Playing With Containers #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series: the Advent of Cyber series hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our eighteenth challenge, we’re presented with a scenario where the Grinch has been boasting about their attack in an underground forum. The Grinch has been targeting organizations with campaigns – “Advent of Cyber”. We need to figure out what tooling Grinch Enterprises is using.

The topic explored in this challenge is containers. A container is a virtualization concept similar to a virtual machine. The virtualization software we’re going to use for this challenge is Docker. One important concept to note with containers is that they’re a snapshot in time, meaning that once you build or create a container you cannot modify it. That container will work the same forever. This can be good and bad. Good if you’re developing and you want to ship your code to a friend for them to play with, or release it to production (live). Bad if you have secrets or API keys lying around in your code. If you create a container with API keys lying around unsecured, those API keys will be unsecured when you build the container and will be viewable by anyone using the container. This will be useful in our challenge.

Can McSkidy find more info on the attack tooling Grinch Enterprises is using? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007


@RealTryHackMe #AdventOfCyber Series: Challenge 19 – Something Phisy Is Going On #TisTheSeasonForHacking

Another day, another challenge…


In our nineteenth challenge, we’re presented with a scenario where McSkidy has received multiple reports of phishing emails from multiple elves. Oh no! At this point, McSkidy doesn’t know if it’s the Grinch, so we need to inspect the email and find out.

The topic explored in this challenge is phishing, which is the attempt to gain access to a victim’s computer. This can be done in a variety of ways. One is through email, where an attacker will create an email that looks VERY similar to one from a real business such as a bank or delivery site, except the email will be from a different email address that is NOT related to the business in question. Another avenue is through social engineering. This tactic is to gain trust by providing information about a user in order to get access to a system.

Let’s give an example of a social engineering attack: I am accessing McSkidy’s banking information, and I make the call as the Grinch. When I make this call, I am going to answer personal questions related to McSkidy. That way the representative or the authorizer will believe that the caller (in this case the Grinch) is McSkidy.

We will not use social engineering in this challenge, but I wanted to describe it briefly as it is a common tactic to use for phishing.

Can McSkidy find out where the phishing attempts originated? See below!


@RealTryHackMe #AdventOfCyber Series: Challenge 7 – Migration Without Security #TisTheSeasonForHacking


Another day, another challenge…


In our seventh challenge, we’re presented with a scenario where the application that handles the Gift requests is vulnerable due to the changing of the technology stack. The Grinch has figured this out and has control of the system, but did not patch it, so now we can exploit the same system as well.

The topic explored in this challenge is NoSQL, or Non SQL, which is similar to MySQL or Microsoft SQL Server (MSSQL), except that NoSQL is used for Internet of Things (IoT) and Big Data for its fast queries and easy data structures. In this challenge we’re going to use MongoDB, which is a free NoSQL database.

Can McSkidy use the information learned about NoSQL to retrieve the gift requests? Find out below!


@RealTryHackMe #AdventOfCyber Series: Challenge 14 – Dev(Insecure)Ops #TisTheSeasonForHacking


Another day, another challenge…


In our fourteenth challenge, we’re presented with a scenario where the CI/CD server has been compromised, and all updates to the website are terminated. Oh no!

The topic explored in this challenge is Continuous Integration/Continuous Delivery (CI/CD), which is a process to push code in a streamlined, iterative fashion during the development lifecycle. Without this process, code would be pushed manually, which could present a challenge if two developers are working on the same piece of code and check in the code at the same time. How would you know which code is the correct one? CI/CD makes this process easy to handle.

There are common CI/CD tools such as Jenkins, GitLab, and Bamboo. While CI/CD is great it does have its challenges. For instance, one such challenge is security misconfigurations. This is where the server is misconfigured to be too permissive – or allow too much access. Another misconfiguration is where secrets are not stored properly and are available in public view. These misconfigurations will be helpful in our challenge with our CI/CD server.

Can McSkidy use the information learned about security misconfigurations with CI/CD servers to get the web server back on track? Find out below!


@RealTryHackMe #AdventOfCyber Series: Challenge 16 – Ransomware Madness #TisTheSeasonForHacking

Another day, another challenge…


In our sixteenth challenge, we’re presented with a scenario where the Grinch is using the Best Festival Company to release his new ransomware. Oh no!

The topic explored in this challenge is Open Source Intelligence, or OSINT for short. As you can imagine, it uses open or free and public information to gather knowledge about a target. This is helpful for penetration tests and red team engagements, as we want to get as much information as we can about our target. Sources of such information include search engines such as Google and social media such as Twitter, Facebook, Instagram and LinkedIn, along with repositories such as GitHub. Anything that is public is fair game and will NOT get us in trouble.

Can McSkidy use her OSINT skills to help Santa save Christmas? See below!


@RealTryHackMe #AdventOfCyber Series: Challenge 15 – The Grinch’s Day Off #TisTheSeasonForHacking

Another day, another challenge…


In our fifteenth challenge, we’re presented with a scenario where the grinch is taking a day off. Whew!

This challenge is a bit different. We’re presented with a quiz to determine what security career would be best for us. The choices are Security Analyst, Security Engineer, Incident Responder, Red Team, and Penetration Tester. Each career is explained at the end of the quiz.

See the below video to view my results!


@RealTryHackMe #AdventOfCyber Series: Challenge 9 – Where Is All This Data Going #TisTheSeasonForHacking

Another day, another challenge…


In our ninth challenge, we’re presented with a scenario where McSkidy notices there’s a large amount of traffic entering one system of the network. We need to use our traffic analysis skills to determine what the Grinch is up to in order to destroy Christmas.

For this challenge we’re going to use a program called Wireshark. Wireshark allows us to review live network traffic to get usernames, passwords, etc. You might be thinking: why can’t we just use the interception proxy that we used in a previous challenge? Well, interception proxies only work for web pages. Wireshark can work for other services that are not web pages, such as a File Transfer Protocol (FTP) server, where we can upload files to a server, or a Domain Name Server (DNS), where we can substitute an IP address to a hostname. This will be especially useful during the challenge.

Can we use the information we learned about Wireshark to figure out how the Grinch is trying to destroy Christmas?

Well… click the below video to find out!


@RealTryHackMe #AdventOfCyber Series: Challenge 10 – Offense Is The Best Defence #TisTheSeasonForHacking

Another day, another challenge…


In our tenth challenge, we’re presented with a scenario where McSkidy needs to perform a security assessment, as Grinch Enterprises has caused damage to the Best Festival Company’s infrastructure. The security assessment is to determine how the Grinch was able to do the damage and what services the Grinch exploited to gain access to the system.

The first topic explored in this challenge is IP addresses, which are a logical representation of an address. An IP address is represented as four decimal numbers between 0 and 255. Ex: 192.168.0.255. Every computer or host has an IP address. The next topics are protocols and servers. A protocol is an agreed-upon method to communicate between two parties. In our instance, it’s an agreed-upon method to communicate between a client (in most cases our computer) and a server. The next topic is a port. Now, we can have multiple services running on the same server, so how can we determine the service? This is where the port comes in. You can think of the port as a street address. There are multiple homes on a street, but there’s one home that matches a particular street address. The final topic is a program called Network Mapper, or Nmap. Nmap allows us to look at a network and determine what is open. This is helpful because we can determine if our network is too accessible or if we have it locked down just right. This is going to be helpful in McSkidy’s security assessment.

Can we use the information we learned about Nmap, IP addresses, ports, and servers to determine how the grinch gained access to the system?

Well… click the below video to find out!


@RealTryHackMe #AdventOfCyber Series: Challenge 11 – Where Are The Reindeers? #TisTheSeasonForHacking

Another day, another challenge…


In our eleventh challenge, we’re presented with a scenario where McDatabaseAdmin has been locked out of the Microsoft SQL Server (MS SQL Server) as the Grinch has changed the password. Oh no!!! We need to probe to get McDatabaseAdmin’s access back. Time is of the essence as this server handles Santa’s transportation for Christmas!

Let’s delve a bit deeper into MS SQL Server. It’s a Relational Database Management System (RDBMS). The database is composed of tables. Each table has rows, and a row represents a record of a relationship (group) of data. Also in a table are columns. A column in a table represents how to describe the data. For instance, if we had a customers table, sample columns would be First Name, Last Name, Address, City, State, Zip: all the attributes to describe where a person lives.

Can we use the information we learned about MS SQL Server to find the password and keep Santa’s travel on track for Christmas?

Well… click the below video to find out!


@RealTryHackMe #AdventOfCyber Series: Challenge 12 – Sharing Without Caring #TisTheSeasonForHacking

Another day, another challenge…


In our twelfth challenge, we’re presented with a scenario where there’s one server that has unusual traffic. We suspect Grinch Enterprises has been leaving traces of their exploits on our server. We must investigate this server to see what data we can extract.

The topic explored in this challenge is Network File System (NFS). NFS is a protocol that allows us to transfer files from one computer to another. It’s available on Windows and Linux, which makes it easy to use NFS to share files between the different operating systems.

Can we use the information we learned about NFS to find the data we’re looking for?

Well… click the below video to find out!
