Challenges

SANS April 2021 Forensic Quiz

https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/ Introduction Artifacts Excel-related Executables and DLLs Scheduled Task Pcaps Export objects Traffic Summary SHAs Introduction We’re provided with a .pcap and a bunch of artifacts (files). The AD, we’re told, is as follows: LAN segment range: 192.168.5.0/24 (192.168.5.0 through 192.168.5.255) Domain: clockwater.net Domain Controller: 192.168.5.5 - Clockwater-DC LAN segment gateway: 192.168.5.1 LAN segment broadcast address: 192.168.5.255 Artifacts First, let’s inspect the artifacts. $ find . -type f -exec ls -l -- {} + 242176 Mar 29 23:22 .

Digital Forensics

Thursday, April 22, 2021 | 9 minutes Read

Ignite

Tools and Commands nmap searchsploit python netcat Recon Start with an nmap scan: $ sudo nmap -A -oA nmap 10.10.194.158 The only open port is 80, a Apache/2.4.18 web server. View the web page in a browser and we find it’s the default page for FUEL CMS 1.4, which also gives us some basic info about the CMS. A quick Gobuster scan gives us nothing particularly useful: $ gobuster dir -u http://10.

TryHackMe

Sunday, January 3, 2021 | 3 minutes Read

Advent of Cyber 2

The first 23 days are simple bullet points describing how to do the task. Day 24 is a more complete write-up, as it was a more complete challenge! Table of Contents [Day 1] Web Exploitation: A Christmas Crisis [encoding] [Day 2] Web Exploitation: The Elf Strikes Back! [file upload] [Day 3] Web Exploitation: Christmas Chaos [brute force] [Day 4] Web Exploitation: Santas watching [brute force / fuzzing] [Day 5] Web Exploitation: Someone stole Santas gift list!

TryHackMe

Saturday, January 2, 2021 | 13 minutes Read