Welcome to “cat root.txt” Write-ups
The contents of this blog are from my own experience and methodology on how I solved rooms in tryhackme.com and rooted boxes in hackthebox.eu. This is my personal blog and in no way am I getting paid by either hacking education platform. THM and HTB do not recommend write-ups to be published in public when a room or box is new. THM room creators normally don’t want any spoilers, hints or write-ups within 3 days of releasing the room. For HTB, the box needs to be retired before write-ups get posted.
Entries:
Security Blue Team: More Than Just a Cyber Defender Company, But Also a Mental Health Defender
This is going to be my first blog entry that has nothing to do with any TryHackMe, HackTheBox, CyberDefenders, or Security Blue Team write-ups or walkthroughs. Since my interest in cyber security began, I have always been enamored with the Red Team side of it. But, as I became sucked deeper into the Red Team …
CyberDefenders: DetectLog4j-CTF
This challenge was released on 01/16/2022 from CyberDefenders. You can access the room at https://cyberdefenders.org/labs/86. This is another blueteam challenge. The skills/tools to be tested and needed to complete this challenge are Autopsy or FTK Imager, dnSpy, VirusTotal, and PowerShell. I hope you will find my write-up helpful. What is the computer hostname? vcw65 What …
Try Hack Me: Conti
This room was released on 1/7/2021 and it is rated Medium in difficulty. Shout-out to the room creator, @heavenraiza who also recognized Bohan Zhang for the challenge. You can access the room at https://tryhackme.com/room/contiransomwarehgh. This is a blueteam challenge. The skills/tools to be tested and needed to complete this challenge are Splunk and Googling. I …
CyberDefenders: BSidesJeddah-Part2 (Memory Image Forensics)
This challenge was released on 12/14/2021 from CyberDefenders. You can access the room at https://cyberdefenders.org/labs/82. This is another blueteam challenge. The skills/tools to be tested and needed to complete this challenge are 99% between volatility2 and volatility3, and 1% Googling, MITRE, Crackstation, and CyberChef. In this challenge, you will gain a better appreciation of how …
Try Hack Me: Carnage
This room was released on 11/25/2021 and it is rated medium in difficulty. Shout-out to the room creators, RussianPanda [She/Her] and Heavenraiza. You can access the room at https://tryhackme.com/room/c2carnage. This is another blueteam side of the cybersecurity field. The skills/tools to be tested and needed to complete this challenge are WireShark, VirusTotal, and Malware and …
Try Hack Me: Squid Game
This room was released on 11/11/2021 and it is rated hard in difficulty. Shout-out to the room creators, @RussianPanda [She/Her] and @heavenraiza. You can access the room at https://tryhackme.com/room/squidgameroom. This room is more on the blue side of the cybersecurity field. The skills/tools to be tested and needed to eliminate the five attackers in …
How to Upgrade OpenSSH on Linux
This is a walk-through on how to upgrade your version of OpenSSH. One of the main reasons why an organization needs to upgrade their OpenSSH server is when there are vulnerabilities found on older versions, especially findings from Security Rating solutions providers such as BitSight, SecurityScorecard, and even just Shodan. Everything that I have found …
Try Hack Me: H4cked
This room is one of the easiest rooms I’ve seen on Try Hack Me. The skills/tools to be tested and needed to finish this room are: FTP, Hydra, Web Shell, Netcat, Reverse Shell, and Wireshark. The room’s creator is @toxicat0r. You can access the room at https://tryhackme.com/room/h4cked. I was assigned a target IP address of …
Why I Think Security Blue Team’s BTL1 Certification is the Gold Standard for SOC Analysts
The good stuff first I woke up at 4:30 AM to take a leak, and just had a feeling to check my email quick before jumping back to bed. And then I saw the best email I could ever wish for from Security Blue Team: Needless to say, I was not able to go back …
Try Hack Me: Chocolate Factory
The skills to be tested and needed to solve this room are: port scanning, fuzzing, steganography, privilege escalation, reverse shell. This room was released on 1/17/2021 and it is rated easy in difficulty. Shout-out to the room creators, @0x9747, @saharshtapi and @AndyInfoSec. You can access the room at https://tryhackme.com/room/chocolatefactory. I was assigned a target IP …
Try Hack Me: ColddBox Easy
This room is another super easy one and it is perfect for beginners who want to try penetration testing/hacking. The skills/tools to be tested and needed to solve this room are: NMAP, Fuzzing Enumeration, WordPress, and Privilege Escalation through SUID. The room’s creator is @C0ldd. You can access the room at https://tryhackme.com/room/colddboxeasy. I was assigned a …
Try Hack Me: Brute It
This room is super easy and it is perfect for beginners who want to try pentesting/hacking. The skills/tools to be tested and needed to solve this room are: NMAP, Fuzzing/Enumeration, SSH, Brute Forcing, Hash Cracking, and Privilege Escalation. This room was released on 11/06/2020 and it is rated easy in difficulty. Shout-out to the room …
Try Hack Me: Startup
The skills/tools to be tested and needed to solve this room are: NMAP, Fuzzing/Enumeration, FTP, Webshell, Reverse Shell, Wireshark, Interpreting/Understanding scripts, and Starting your own web server. This room was released on 11/08/2020 and it is rated easy in difficulty. Shout-out to the room creator, @r1gormort1s. You can access the room at https://tryhackme.com/room/startup. I was …
Well-Crafted Spear-Phishing Caught by our SEG
One or more employees of a Healthcare System had their email account(s) taken over by malicious user(s). An email was sent to some of our employees; luckily, our SEG positively identified the email as a spear-phishing attempt. The malicious emails were automatically quarantined, but I went ahead and looked it up anyway as I was …
Why Do I Keep On Studying For Degrees And Certifications? (My zero to hero in cyber security)
Originally posted on 4/24/2020, but decided to add this here on my blog. Today (10/27/2020) was supposed to be the day I would finally put the cap on, walk, and formally be awarded with the Master of Science degree in Cyber Security and Information Assurance from Southern Utah University. Unfortunately, due to COVID-19, the …

About Me

Hi, I go by “lightkunyagami” in the infosec/pentesting world. I am a husband to an amazing wife, a father to two wonderful kids. I work full-time as a Security Analyst for an organization in Salt Lake City, UT, and also an Airman in the U.S. Air Force. I am a regular on both tryhackme.com and hackthebox.eu, but mostly THM lately.
This blog will typically contain write-ups of rooms from tryhackme.com and boxes from hackthebox.eu.
For questions, email me at inquiries@beginninghacking.net