capture the flag, cybersecurity education, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 7 – Maldocs Roasting On An Open Fire #TisTheSeasonForHacking

Another day, another challenge…


In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.


In our seventh challenge, Elf McSkidy accidentally opened an attachment and believed processes/commands were being executed in the background. McSkidy employs Forensic McBlue to determine if his suspicion is confirmed.


The topic explored in this challenge is reviewing a (potentially) malicious document with CyberChef.


Are McSkidy’s suspicions about the document correct? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007

capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 8 – Last Christmas I Gave You My ETH #TisTheSeasonForHacking

Another day, another challenge…


In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.


In our eighth challenge, The Best Festival Company (TBFC) was using blockchain and attempting to mint cryptocurrency. It was determined TBFC was compromised, and all the currency was lost during the attack.


The topics explored in this challenge are smart contracts, how they function, and a common security vulnerability called the re-entrancy attack.


Can we determine how to find and replay the attack? Find out below!


capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 6 – It’s Beginning To Look A Lot Like Phishing #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our sixth challenge, Elf McBlue is researching email activity on the network to see if there was a phishing attack.

The topics explored in this challenge are social engineering, how to complete email analysis, important email headers, and how to use Sublime Text to view emails with the .msg and .eml extensions, along with tools such as emlAnalyzer, email reputation, VirusTotal, and InQuest.

Can Elf McBlue determine if there was a phishing attack on the network? Find out below!


capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 5 – He Knows When You’re Awake #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our fifth challenge, elf Recon McRed is searching the network to see if there are any backdoors that the Bandit Yeti APT group has left behind.

The topics explored in this challenge are remote access services such as SSH, RDP, and VNC; authentication; techniques to attack passwords; and finally how to hack an authentication service. Tools explored in this challenge were nmap (network mapper) and hydra.

Can Recon McRed figure out if the Bandit Yeti APT group left any backdoors in the web server? Find out below!


capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 4 – Scanning Through The Snow #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our fourth challenge, elf Recon McRed is scanning the server qa.santagift.shop, which is used to add and delete gifts from Santa’s website. Recon McRed wants to determine how the server was compromised.

The topics explored in this challenge are the different types of scanning (passive and active, networking, port, vulnerability), along with scanning tools such as nmap (network mapper) and Nikto.

Can Recon McRed figure out how qa.santagift.shop was compromised? Find out below!


capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 3 – Nothing Escapes Detective McRed #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our third challenge, elf Recon McRed is trying to figure out how the santagift.shop website was compromised.

The topics explored in this challenge are OSINT techniques such as Google Dorks, WHOIS lookup, Robots.txt, Breached Database Search, and GitHub repos.

Can Recon McRed figure out how santagift.shop was compromised? Find out below!


capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 2 – Santa’s Naughty & Nice Log #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our second challenge, we’re presented with a scenario where a web server, santagift.shop, has been hijacked by the Bandit Yeti APT group. Our task is to analyze the log files from the web server and track down the Bandit Yeti APT group.

The topics explored in this challenge are different ways to parse log files, such as Windows Event Viewer, and common system log files in Linux, such as those in the /var/log directory. Common commands such as grep are used to search for text in a file.

Can McSkidy parse the web server log files and track down the Bandit Yeti APT group? Find out below!


capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 1 – Someone’s Coming To Town #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our first challenge, we’re presented with a scenario where McSkidy discovered the Best Festival Company’s website has been defaced, and Santa cannot send gifts! McSkidy must complete three puzzles to determine who attacked Santa’s network and find the flag.

The topics explored in this challenge are security frameworks such as NIST, ISO 27001, MITRE ATT&CK, Cyber Kill Chain, and Unified Kill Chain.

Can McSkidy solve the three puzzles to find the flag? Find out below!


capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 6 – Patch Management Is Hard #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our sixth challenge, we’re presented with a scenario where McSkidy discovered some recovery keys on a web application on a server that needed to be decommissioned. The elf in charge of decommissioning the server never got around to doing the task. McSkidy realizes that the recovery keys found can be used to save other systems.

The topics explored in this challenge are Local File Inclusion (LFI) and Remote Command Execution (RCE). LFI is a vulnerability where files can be accessed from the server. This is bad, as ANY file with read permissions can be accessed. LFI happens due to unsanitized input or a lack of input validation: the application accepts any input from users. Another topic explored is RCE. RCE happens when the user can inject or write to a specific file. When a user finds LFI, it’s a good idea to see if RCE is also possible. This will be helpful for our challenge.

Can McSkidy use the recovery keys to log into other systems? Find out below!


capture the flag, hacking, Uncategorized

@RealTryHackMe #AdventOfCyber Series: Challenge 24 – Learning From The Grinch #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our twenty-fourth challenge, we’re presented with a scenario where McSkidy wants to perform the same attacks Grinch Enterprises employed on the elves’ network to learn more about the attack. McSkidy will use the same machine that Grinch Enterprises compromised to understand the Grinch better.

The topics explored in this challenge are post-exploitation, hashing, how passwords are stored in the Windows operating system, the mimikatz tool, and how to crack a password hash using the tool John The Ripper. Hashing is a one-way function that is used to change text into an unrecognized form. There are many hashing algorithms, such as MD5, SHA1, SHA256, etc.

Post-exploitation is the stage after the attacker has gained access to the system. In this stage, the attacker wants to maintain persistence on the machine, meaning they do not want to lose their connection, and they also want to escalate their privileges from a standard user to an Administrator/root user.

Hashing is important as it leads into the next topic of how passwords are stored in the Windows operating system. Windows passwords are stored in the Security Accounts Database (SAM). When a user types in a password, that password’s hash is compared to the hash in the SAM database by way of the Local Security Authority Subsystem Service (LSASS). If the passwords match, then the user successfully logs in. If the passwords do not match, the user will receive an error message: “incorrect password.”

Now that we know how passwords are stored and retrieved in Windows, we can dump them using the mimikatz tool. This tool allows us to dump the hashes from memory that come from the LSASS service. Finally, once we have a password hash, we can use the tool John The Ripper to crack it. With John The Ripper, we can specify the hashing algorithm we want to use in the process.

Can McSkidy use the Grinch’s nefarious activities to learn more about his attacks? Find out below!
