Blog

Welcome to “cat root.txt” Write-ups

The contents of this blog are from my own experience and methodology on how I solved rooms in platforms such as TryHackMe, CyberDefenders, Security Blue Team, LetsDefend, and Hack The Box. This is my personal blog, and I am not paid by any of the hacking platforms. These hands-on environments have been instrumental in helping me deepen my understanding of real-world cyber threats and defensive strategies. I’m excited to keep learning, growing, and contributing to the field of cybersecurity.

Entries:

Try Hack Me: Event Horizon

This room was released on 8/8/2025 and is rated HARD in difficulty. Shout-out to the room creator, hadrian3689. You can access the room at https://tryhackme.com/room/eventhorizonroom. This is a blueteam challenge. The skills/tools to be tested and needed to complete this challenge are Traffic Analysis using Wireshark, Debugging/Reverse Engineering using dnSpy, and Encoding/Decoding using CyberChef or Terminal. Scenario: Join Tom and…

LetsDefend: WannaCry Ransomware

LetsDefend rated this challenge as Medium in difficulty. This Blue Team challenge can be accessed at https://app.letsdefend.io/challenge/wannacry-ransomware. I answered the questions in this challenge using the tools Volatility, Oletools, and FTK Imager. I used 2 separate VMs for my analysis. One is a REMnux VM for memory analysis, and the other is a Windows 11 VM to analyze a…

SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints

I am writing this comparison between the FOR500 (GCFE) and 13Cubed Investigating Windows Endpoints based on my experience studying both the study materials and taking their respective certification exams. I sat and passed the GCFE on 8/6/2024. I got certified in Investigating Windows Endpoints on 8/16/2024. First, I want to give a shout-out to Health…

LetsDefend: Discord Forensics

When I saw the Discord Forensics challenge on LetsDefend, it reminded me of some recent data leak incidents involving members of the US Air Force using the popular gaming community’s instant messaging and VoIP social platform Discord. And, so, I wanted to try how to investigate Discord artifacts. Below are some of the headlines showing…

CyberDefenders: Ramnit (Memory Forensic Analysis)

It’s been a while since my last blog entry here. I’ve finally been able to catch up with life after returning from deployment. I would also like to take this opportunity to thank all the men and women I got to rub shoulders with, sacrificing their time to serve their country and their fellowmen. You…

LetsDefend: Ransomware Attack

Scenario: An end-user device was infected by ransomware. A memory dump was captured from the compromised machine, and it is our task as digital forensics investigators to find the evidence of the attack. The memory capture file that was provided to us is in .mans format which is a Mandiant Analysis File. This should give…

Try Hack Me: Traverse

This room was released on 8/4/2023 and is rated easy in difficulty. Shout-out to the room creator, @1337rce. You can access the room at https://tryhackme.com/room/traverse. Scenario: Bob is a security engineer at a firm and works closely with the software/DevOps team to develop a tourism web application. Once the website was moved from QA to Production,…

What You Need to Know If You Are Thinking of Taking the SANS SEC504: Hacker Tools, Techniques, and Incident Handling and the GIAC Certified Incident Handler Certification Exam

Who is the SEC504 course for? The content of the course can be considered for beginners in the Cybersecurity field, if and only if you have basic experience with Linux CLI and Windows CMD or PowerShell. I will cite an example later on. But if you have not done any Linux commands such as cd,…

Try Hack Me: Boogeyman 1 (BlueTeam)

This room was released on 4/14/2023 and is rated medium in difficulty. Shout-out to the room creator, ar33zy. You can access the room at https://tryhackme.com/room/boogeyman1/. This is a blueteam side of the cybersecurity field. The skills/tools to be tested and needed to complete this challenge are Phishing Analysis, PowerShell Log Analysis, Linux Commands, and Traffic…

CyberDefenders: BlackEnergy

This Blue Team challenge was released on February 19, 2023 from CyberDefenders.org. You can access the room at https://cyberdefenders.org/blueteam-ctf-challenges/99#nav-questions. Shoutout to @HouseOfStark for creating the challenge and also for being so responsive and kind in entertaining questions and inquiries about the challenge on Discord. I’ve had interactions with other creators where they just shrugged their…


About Me

Hi, I go by “lightkunyagami” in the infosec/pentesting world. I am a father to two wonderful kids. I work full-time as a Senior Security Analyst for an organization in Salt Lake City, UT, and also as an Airman in the U.S. Air Force.

For questions, email me at inquiries@beginninghacking.net
