I passed the eCTHP exam on 11/22/2025. I am writing about my experience with the course and the exam because I have not seen many posts referencing this certification exam. The Course: Threat Hunting Professional (New!) The course’s instructor is Brian Olliff. It is divided into 6 domains: Introduction to Threat Hunting, Intelligence in Threat …
Author Archives: lightkunyagami
Try Hack Me: Event Horizon
This room was released on 8/8/2025 and is rated HARD in difficulty. Shout-out to the room creator, hadrian3689. You can access the room at https://tryhackme.com/room/eventhorizonroom. This is a blueteam challenge. The skills/tools to be tested and needed to complete this challenge are Traffic Analysis using Wireshark, Debugging/Reverse Engineering using dnSpy, and Encoding/Decoding using CyberChef or Terminal. Scenario: Join Tom and …
LetsDefend: WannaCry Ransomware
LetsDefend rated this challenge as Medium in difficulty. This Blue Team challenge can be accessed at https://app.letsdefend.io/challenge/wannacry-ransomware. I answered the questions in this challenge using the tools Volatility, Oletools, and FTK Imager. I used 2 separate VMs for my analysis. One is a Remnux VM for memory analysis, and the other is a Windows 11 VM to analyze a …
My Journey to TryHackMe’s Security Analyst Level 1 (SAL1) Certification
From Creepy Teaser to Certified SAL1: On February 20, 2025, TryHackMe posted the below image on their “announcements” channel on Discord. When I saw it, I thought it was creepy because Halloween was almost four months over. The silhouette looked like a tombstone. I thought it was probably a new event, like the King of …
Continue reading “My Journey to TryHackMe’s Security Analyst Level 1 (SAL1) Certification”
SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints
I am writing this comparison between the FOR500 (GCFE) and 13Cubed Investigating Windows Endpoints based on my experience studying both the study materials and taking their respective certification exams. I sat and passed the GCFE on 8/6/2024: I got certified in Investigating Windows Endpoints on 8/16/2024: First, I want to give a shout-out to Health …
Continue reading “SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints”
LetsDefend: Adobe ColdFusion RCE
Servers utilizing Adobe ColdFusion were exploited in the wild. LetsDefend rated this challenge as Medium in difficulty. This Blue Team challenge can be accessed at https://app.letsdefend.io/challenge/adobe-coldfusion-rce. I answered the questions using the tools Hayabusa, Timeline Explorer, CyberChef and PowerShell. Scenario: A web server was isolated for suspicious use of the nltest.exe command. Investigate the Windows …
LetsDefend: Discord Forensics
When I saw the Discord Forensics challenge on LetsDefend, it reminded me of some recent data leak incidents involving members of the US Air Force using the popular gaming community’s instant messaging and VoIP social platform Discord. And, so, I wanted to try how to investigate Discord artifacts. Below are some of the headlines showing …
CyberDefenders: Ramnit (Memory Forensic Analysis)
It’s been a while since my last blog entry here. I’ve finally been able to catch up with life after returning from deployment. I would also like to take this opportunity to thank all the men and women I got to rub shoulders with, sacrificing their time to serve their country and their fellowmen. You …
Continue reading “CyberDefenders: Ramnit (Memory Forensic Analysis)”
LetsDefend: Ransomware Attack
Scenario: An end-user device was infected by ransomware. A memory dump was captured from the compromised machine, and it is our task as digital forensics investigators to find the evidence of the attack. The memory capture file that was provided to us is in .mans format which is a Mandiant Analysis File. This should give …
Try Hack Me: Traverse
This room was on 8/4/2023 and is rated easy in difficulty. Shout-out to the room creator, @1337rce. You can access the room at https://tryhackme.com/room/traverse. Scenario: Bob is a security engineer at a firm and works closely with the software/DevOps team to develop a tourism web application. Once the website was moved from QA to Production, …
N00b_H@ck3r 
You must be logged in to post a comment.