capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 22 – How It Happened #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our twenty-second challenge, we’re presented with a scenario where McSkidy has identified the first trace of Grinch Enterprises in their network. Now McSkidy needs to find out what they did once they were inside the network. Hmm… I wonder what that could be.

The topics explored in this challenge are encoding, ciphers, and the oledump tool. In particular, we read about base64 encoding and how it’s still used to evade antivirus detection even though it’s not very effective. The next topic was ciphers. In particular, we read about XOR ciphers; XOR (exclusive or) is an either-or operation, meaning one option or the other, but not both. The final topic is the oledump tool. This tool is used to analyze OLE files, which you can think of as mini file systems. These files can hide macros, which are executable code in Word and Excel documents. Bad actors can use macros to add malicious code. <— this will be helpful in this challenge.

Can McSkidy figure out what the Grinch did after gaining initial access to the system? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007


@RealTryHackMe #AdventOfCyber Series: Challenge 17 – Elf Leaks #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our seventeenth challenge, we’re presented with a scenario where the Grinch has posted an email to everyone at the Best Festival Company detailing everyone’s name and date of birth. McSkidy talks with McInfra to determine the origin of the breach.

The topics explored in this challenge are AWS S3 (Simple Storage Service) and AWS IAM (Identity and Access Management). S3 is one of AWS’s oldest services and stores files in buckets. These buckets can be public or private (this will be useful in our challenge). For AWS IAM, there are two kinds of keys that are useful for this service: access key IDs, which start with AKIA, and short-term credentials, which start with ASIA. This will also be helpful in our challenge.

Can McSkidy find the origin of the breach? Find out below!



@RealTryHackMe #AdventOfCyber Series: Challenge 21 – Needles In Computer Stacks #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our twenty-first challenge, we’re presented with a scenario where McBlue wants to use automation to detect malicious files on the network. Great idea!

The topic explored in this challenge is the tool YARA. YARA is a tool used to match patterns in potentially malicious files, and it can be used as a detection aid for malware analysis. This will be helpful in our challenge.

Can McSkidy find the malicious file(s) in the network? Find out below!



@RealTryHackMe #AdventOfCyber Series: Challenge 13 – They Lost The Plan! #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our thirteenth challenge, we’re presented with a scenario where the Grinch has downgraded the permissions for the rough draft of the disaster recovery plan that McSkidy was working on. Oh no!

The topic explored in this challenge is elevation of privileges. There are two types of privilege elevation: horizontal and vertical. Horizontal is where we move from one user to another user with the same permissions. Vertical escalation is where we start as a standard user and elevate to an administrator (Windows) or root (Linux). The second type (vertical) will be useful for this challenge.

Can McSkidy escalate her privileges to retrieve the disaster recovery plan? Find out below!



@RealTryHackMe #AdventOfCyber Series: Challenge 20 – What’s The Worst That Can Happen? #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our twentieth challenge, we’re presented with a scenario where McPayroll is processing bonuses. An elf sends McPayroll a file claiming it’s their new payment information. There’s one problem. McPayroll doesn’t recognize the elf. Uh oh…

The topic explored in this challenge is malware. Malware, or malicious software, is hidden code inside a file. Malware can be found in executables (files that execute code, which usually have the .exe extension) and in Word/Excel documents if macros are enabled, for example. In this challenge there are two commands used to determine if there is malware: file, which gives us the file type regardless of the extension, and strings, which outputs the printable characters from a file.

Can McSkidy determine if the elf’s new payment information is really malware? Find out below!



@RealTryHackMe #AdventOfCyber Series: Challenge 8 – Santa’s Bag of Toys #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our eighth challenge, we’re presented with a scenario where Santa’s laptop, which is used to prepare his bag of toys, is missing. Oh no! It’s alleged that a minion from Grinch Enterprises has stolen it, and we need to make sure that is the case. Besides the laptop being stolen, we realized that it was also compromised. While we don’t have the physical laptop, we do have logs that we can review.

The topic explored in this challenge is PowerShell transcription logs. These logs record the PowerShell commands that were executed, so they can be reviewed to see what happened on a server or laptop *hint, hint*.

Can McSkidy find who stole the laptop and recover Santa’s bag of toys? Find out below!



@RealTryHackMe #AdventOfCyber Series: Challenge 18 – Playing With Containers #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our eighteenth challenge, we’re presented with a scenario where the Grinch has been boasting about their attack on an underground forum. The Grinch has been targeting organizations with a campaign named “Advent of Cyber”. We need to figure out what tooling Grinch Enterprises is using.

The topic explored in this challenge is containers. A container is a virtualization concept similar to a virtual machine. The virtualization software we’re going to use for this challenge is Docker. One important concept to note with containers is that they’re a snapshot in time: once you build a container image, you cannot modify it, and that container will work the same forever. This can be good and bad. Good if you’re developing and want to ship your code to a friend to play with, or release it to production (live). Bad if you have secrets or API keys lying around in your code: if you build a container with unsecured API keys in it, those keys are baked into the container and will be viewable by anyone using it. This will be useful in our challenge.

Can McSkidy find more info on the attack tooling Grinch Enterprises is using? Find out below!



@RealTryHackMe #AdventOfCyber Series: Challenge 19 – Something Phisy Is Going On #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our nineteenth challenge, we’re presented with a scenario where McSkidy has received multiple reports of phishing emails from multiple elves. Oh no! At this point, McSkidy doesn’t know if it’s the Grinch, so we need to inspect the email and find out.

The topic explored in this challenge is phishing, which is an attempt to gain access to a victim’s computer. This can be done in a variety of ways. One is email, where an attacker crafts a message that looks VERY similar to one from a real business, such as a bank or delivery site, except that it comes from an address that is NOT related to the business in question. Another avenue is social engineering, a tactic that gains trust by providing information about a user in order to get access to a system.

Let’s give an example of a social engineering attack: I am accessing McSkidy’s banking information, and I make the call as the Grinch. When I make this call, I am going to answer personal questions related to McSkidy. That way the representative or authorizer will believe that the caller (in this case the Grinch) is McSkidy.

We will not use social engineering in this challenge, but I wanted to describe it briefly, as it is a common tactic used in phishing.

Can McSkidy find out where the phishing attempts originated? See below!



@RealTryHackMe #AdventOfCyber Series: Challenge 7 – Migration Without Security #TisTheSeasonForHacking


Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our seventh challenge, we’re presented with a scenario where the application that handles gift requests is vulnerable due to a change in its technology stack. The Grinch has figured this out and has control of the system but did not patch it, so now we can exploit the same system as well.

The topic explored in this challenge is NoSQL, or non-SQL, databases, which are similar to MySQL or Microsoft SQL Server (MSSQL) except that NoSQL is used for Internet of Things (IoT) and Big Data because of its fast queries and simple data structures. In this challenge we’re going to use MongoDB, which is a free NoSQL database.

Can McSkidy use the information learned about NoSQL to retrieve the gift requests? Find out below!



@RealTryHackMe #AdventOfCyber Series: Challenge 14 – Dev(Insecure)Ops #TisTheSeasonForHacking


Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber series, that is hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.

In our fourteenth challenge, we’re presented with a scenario where the CI/CD server has been compromised, and all updates to the website are terminated. Oh no!

The topic explored in this challenge is Continuous Integration/Continuous Delivery (CI/CD), a process for pushing code in a streamlined, iterative fashion during the development lifecycle. Without this process, code would be pushed manually, which could present a challenge if two developers are working on the same piece of code and check it in at the same time. How would you know which version is the correct one? CI/CD makes this process easy to handle.

Common CI/CD tools include Jenkins, GitLab, and Bamboo. While CI/CD is great, it does have its challenges. One such challenge is security misconfiguration, where the server is configured to be too permissive and allows too much access. Another is secrets that are not stored properly and are available in public view. These misconfigurations will be helpful in our challenge with the CI/CD server.

Can McSkidy use the information learned about security misconfigurations with CI/CD servers to get the web server back on track? Find out below!
