capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 8 – Last Christmas I Gave You My ETH #TisTheSeasonForHacking

Another day, another challenge…


In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.


In our eighth challenge, The Best Festival Company (TBFC) was using blockchain and attempting to mint cryptocurrency. It was determined TBFC was compromised, and all the currency was lost during the attack.


The topics explored in this challenge are smart contracts – the functionality, and a common security vulnerability called the re-entrancy attack.


Can we determine how to find and replay the attack? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007

capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 6 – It’s Beginning To Look A Lot Like Phishing #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our sixth challenge, Elf McBlue is researching email activity on the network to see if there was a phishing attack.

The topics explored in this challenge are social engineering, how to complete email analysis, important email headers, and how to use Sublime text to view emails with the .msg and .eml extensions, along with tools such as emlAnalyzer, email reputation, VirusTotal, and InQuest.

Can Elf McBlue determine if there was a phishing attack on the network? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007

capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 5 – He Knows When You’re Awake #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our fifth challenge, elf Recon McRed is searching the network to see if there are any backdoors that Bandit Yeti APT group have left behind.

The topics explored in this challenge are remote access services such as SSH, RDP, and VNC. Authentication, techniques to attack passwords, and finally how to hack an authentication service. Tools explored in this challenge were nmap (network mapper) and hydra.

Can Recon McRed figure out if Bandit Yeti APT Group left any backdoors in the web server? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007

capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 4 – Scanning Through The Snow #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our fourth challenge, elf Recon McRed is scanning the server qa.santagift.shop which is used to add and delete gifts from Santa website. Recon McRed wants to determine how the server was compromised.

The topics explored in this challenge are the different types of scanning – passive and active, networking, port, vulnerability. Along with scanning tools such as nmap (network mapper) and Nikto.

Can Recon McRed figure out how the qa.santagift.shop was compromised? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007

capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 3 – Nothing Escapes Detective McRed #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our third challenge, elf Recon McRed is trying to figure out how the santagift.shop website was compromised.

The topics explored in this challenge are OSINT techniques such as Google Dorks, WHOIS lookup, Robots.txt, Breached Database Search, and GitHub repos.

Can Recon McRed figure out how the santagift.shop was compromised? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007

capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 2 – Santa’s Naughty & Nice Log #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our second challenge, we’re presented with a scenario where a web server, santagift.shop, has been hijacked by the Bandit Yeti APT group. Our task is to analyze the log files from the web server and track down the Bandit Yeti APT group.

The topics explored in this challenge are different ways to parse log files, such as Windows Event Viewer, and common system log files in Linux, such as the /var/log directory. And common commands such as grep are used to search for text in a file.

Can McSkidy parse the web server log files and track down the Bandit Yeti APT group? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007

capture the flag, hacking

@RealTryHackMe #AdventOfCyber Series: Challenge 1 – Someone’s Coming To Town #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our first challenge, we’re presented with a scenario where McSkidy discovered the Best Festival’s Company website has been defaced, and Santa cannot send gifts! McSkidy must complete three puzzles to determine who attacked Santa’s network and find the flag.

The topics explored in this challenge are security frameworks such as NIST, ISO 27001, MITRE Att&ck, Cyber Kill Chain, and Unified Kill Chain.

Can McSkidy solve the three puzzles to find the flag? Find out below!

If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007

cybersecurity education

Let’s Talk About Cybersecurity Education

I read this article on tech boot camps, inspiring me to write this post.

Dreams Deferred

I recently presented at the CAE (Center for Academic Excellence) Forum, “Dreams Deferred: The Cost of Cybersecurity Education,” discussing boot camps/training center programs centered around cybersecurity.

The inspiration for my presentation came as I read articles discussing potential solutions to retain and strengthen the cybersecurity pipeline. But I didn’t see articles discussing the downside and downright predatory practices of some boot camps/training centers with underrepresented groups.

In the past three months, I encountered four African Americans lured into these programs. When I asked what made them want to pursue these boot camps/training centers, they described reading articles and watching the news discussing the cybersecurity workforce shortage. Each person believed that completing the boot camp/training center program would improve their lives by getting a job in cybersecurity.

(Almost) Dream Deferred

Their stories sparked memories of almost enrolling in a training center after high school. At that time, IT was a hot topic. I remember commercials describing students as “job ready” after completing the program, and IT experience was not required. I felt ahead of the curve as I had IT experience working at a non-profit during high school.

The plan was to go to class in the morning (8am-12pm) as classes were half-days (another selling point) and then go to work afterward. After describing this to my mentor, she advised me to not go down that path. Her words, “Jasmine go to community college, do not destroy your life. If something is too good to be true, most times it is.”

I’m glad my mentor gave that advice. If she didn’t, I wouldn’t have done the amazing things in my career, such as being an intern for the first African American to receive a Doctorate in Computer Science (Dr. Clarence “Skip” Ellis), graduating with my Master’s in Computer Science and Graduate Certificate in Information Security and Privacy, traveling the world presenting cybersecurity topics, and mentoring the next generation of cybersecurity professionals.

Insidious and Predatory Practices

To better understand the insidious and predatory practices of boot camps/training centers, we need to discuss their patterns:

1. Create targeted ads and marketing to underrepresented groups

2. Lure the potential student to get into tech with little to no experience on an accelerated schedule of six months to one year

3. Make the program seem “exclusive” to rush the student to enroll as soon as possible

4. Have students sign private loans to pay for tuition, which on average is between 3k-15k and interest rates of 10%+

5. The coursework is too difficult for the student to master, and they drop out of the program.

OR

6. The coursework is too easy and doesn’t challenge the student

7. The student graduates from the program, doesn’t find a job and has thousands of dollars in debt.

Falling Prey

One of the four people that contacted me described this exact scenario. This person has a private loan for $12,000 with an interest rate of 13%. Their program is six months. I remember telling this person that my interest rate was never that high with all my years of education (Master’s). They also told me they were falling behind in their coursework as the curriculum had drastically increased. When I inquired more about the coursework, I found the curriculum is not accredited, and most of it is currently available on YouTube. After showing them this information, the person felt dejected. Their words, “I spent $12,000 to improve my life, and I could’ve done this on YouTube for free.”

Quality Cybersecurity Education for All

With the increased push to increase and strengthen the cybersecurity pipeline, mainly from the White House with the National Cybersecurity Workforce and Education Summit, the education potential cybersecurity professionals consume must be quality. This is extremely important for underrepresented populations more susceptible to enrolling in faulty programs described above.

I created my non-profit, T-ATP, to provide an environment for prospective cybersecurity professionals to receive quality cybersecurity training and education. Our mission – creating quality cybersecurity education accessible to all. Students shouldn’t go into debt to improve their lives through quality education.

To learn more or support T-ATP, visit the link here.