Introduction to Brutus Challenge I want to share some tips for approaching the Brutus challenge. Sherlock Scenario on Brutus Brutus is an entry-level DFIR challenge with two artifacts: auth.log and wtmp. The goal is to trace an SSH brute-force attack where the attacker cracks the root password. The […]
Introduction to Meerkat Challenge I want to share some tips for approaching the Meerkat challenge. Sherlock Scenario on Meerkat A zip file has been provided, containing a .pcap file that captures network traffic from the timeframe of the suspected compromise. Additionally, a .json file is included, recording security […]
Case Scenario 1. Analyzing Domain Controller Security Logs, can you confirm the date & time when the kerberoasting activity occurred? 2. What is the Service Name that was targeted? 3. It is really important to identify the Workstation from which this activity occurred. What is the IP […]
In this post, I would like to share some walkthroughs on the Sherlock Challenges, such as LockPick2.0, which can be considered Hard difficulty. Case Study for LockPick2.0 Challenge Firstly, we need to extract the zip file of lockpick2.0, which provides us with a few files. The screenshot above […]
In this post, I would like to share a walkthrough of the Inject Machine from Hack the Box. This room is considered an Easy machine on Hack the Box. What will you gain from the Inject machine? For the user flag, you will need to execute […]
In this post, I would like to share a method that I learned while playing with the Bagel Machine. The attack I mention here uses dotnet FSI. The full writeup on the Bagel Machine can be found here. Dotnet FSI Attack For […]
Dompdf Vulnerability For those who are not familiar with Dompdf, Snyk has published a few vulnerabilities related to Dompdf over here. Based on the description here, the vulnerability that we can use has been assigned CVE-2022-28368. The vulnerability has an option in Dompdf […]
What are AMSI and AppLocker bypasses? This is a Windows machine that may have security features preventing the reverse shell from running on the machine itself. We can assume that AppLocker is in use on the machine, which also leads to AMSI […]