This room was released on 8/8/2025 and is rated HARD in difficulty. Shout-out to the room creator, hadrian3689. You can access the room at https://tryhackme.com/room/eventhorizonroom. This is a blueteam challenge. The skills/tools to be tested and needed to complete this challenge are Traffic Analysis using Wireshark, Debugging/Reverse Engineering using dnSpy, and Encoding/Decoding using CyberChef or Terminal. Scenario: Join Tom and …
Category Archives: Walkthroughs and Writeups
LetsDefend: WannaCry Ransomware
LetsDefend rated this challenge as Medium in difficulty. This Blue Team challenge can be accessed at https://app.letsdefend.io/challenge/wannacry-ransomware. I answered the questions in this challenge using the tools Volatility, Oletools, and FTK Imager. I used 2 separate VMs for my analysis. One is a Remnux VM for memory analysis, and the other is a Windows 11 VM to analyze a …
LetsDefend: Adobe ColdFusion RCE
Servers utilizing Adobe ColdFusion were exploited in the wild. LetsDefend rated this challenge as Medium in difficulty. This Blue Team challenge can be accessed at https://app.letsdefend.io/challenge/adobe-coldfusion-rce. I answered the questions using the tools Hayabusa, Timeline Explorer, CyberChef and PowerShell. Scenario: A web server was isolated for suspicious use of the nltest.exe command. Investigate the Windows …
LetsDefend: Discord Forensics
When I saw the Discord Forensics challenge on LetsDefend, it reminded me of some recent data leak incidents involving members of the US Air Force using the popular gaming community’s instant messaging and VoIP social platform Discord. And, so, I wanted to try how to investigate Discord artifacts. Below are some of the headlines showing …
CyberDefenders: Ramnit (Memory Forensic Analysis)
It’s been a while since my last blog entry here. I’ve finally been able to catch up with life after returning from deployment. I would also like to take this opportunity to thank all the men and women I got to rub shoulders with, sacrificing their time to serve their country and their fellowmen. You …
Continue reading “CyberDefenders: Ramnit (Memory Forensic Analysis)”
LetsDefend: Ransomware Attack
Scenario: An end-user device was infected by ransomware. A memory dump was captured from the compromised machine, and it is our task as digital forensics investigators to find the evidence of the attack. The memory capture file that was provided to us is in .mans format which is a Mandiant Analysis File. This should give …
Try Hack Me: Traverse
This room was on 8/4/2023 and is rated easy in difficulty. Shout-out to the room creator, @1337rce. You can access the room at https://tryhackme.com/room/traverse. Scenario: Bob is a security engineer at a firm and works closely with the software/DevOps team to develop a tourism web application. Once the website was moved from QA to Production, …
CyberDefenders: AzurePot
This Blue Team challenge was published on April 20, 2023, on CyberDefenders.org. You can access the challenge at https://cyberdefenders.org/blueteam-ctf-challenges/101#nav-overview. Shoutout to Tyler Hudak for creating the challenge. I completed the challenge on the same day it was published. I got so hooked that I didn’t want to stop until I completed it. I rated the …
Try Hack Me: Boogeyman 1 (BlueTeam)
This room was released on 4/14/2023 and is rated medium in difficulty. Shout-out to the room creator, ar33zy. You can access the room at https://tryhackme.com/room/boogeyman1/. This is a blueteam side of the cybersecurity field. The skills/tools to be tested and needed to complete this challenge are Phishing Analysis, PowerShell Log Analysis, Linux Commands, and Traffic …
CyberDefenders: BlackEnergy
This Blue Team challenge was released on February 19, 2023 from CyberDefenders.org. You can access the room at https://cyberdefenders.org/blueteam-ctf-challenges/99#nav-questions. Shoutout to @HouseOfStark for creating the challenge and also for being so responsive and kind in entertaining questions and inquiries about the challenge on Discord. I’ve had interactions with other creators where they just shrugged their …
N00b_H@ck3r 
You must be logged in to post a comment.