This room was released on 8/8/2025 and is rated HARD in difficulty. Shout-out to the room creator, hadrian3689. You can access the room at https://tryhackme.com/room/eventhorizonroom. This is a blueteam challenge. The skills/tools to be tested and needed to complete this challenge are Traffic Analysis using Wireshark, Debugging/Reverse Engineering using dnSpy, and Encoding/Decoding using CyberChef or Terminal. Scenario: Join Tom and …
Tag Archives: dfir
LetsDefend: WannaCry Ransomware
LetsDefend rated this challenge as Medium in difficulty. This Blue Team challenge can be accessed at https://app.letsdefend.io/challenge/wannacry-ransomware. I answered the questions in this challenge using the tools Volatility, Oletools, and FTK Imager. I used 2 separate VMs for my analysis. One is a Remnux VM for memory analysis, and the other is a Windows 11 VM to analyze a …
SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints
I am writing this comparison between the FOR500 (GCFE) and 13Cubed Investigating Windows Endpoints based on my experience studying both the study materials and taking their respective certification exams. I sat and passed the GCFE on 8/6/2024: I got certified in Investigating Windows Endpoints on 8/16/2024: First, I want to give a shout-out to Health …
Continue reading “SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints”
LetsDefend: Discord Forensics
When I saw the Discord Forensics challenge on LetsDefend, it reminded me of some recent data leak incidents involving members of the US Air Force using the popular gaming community’s instant messaging and VoIP social platform Discord. And, so, I wanted to try how to investigate Discord artifacts. Below are some of the headlines showing …
CyberDefenders: BlackEnergy
This Blue Team challenge was released on February 19, 2023 from CyberDefenders.org. You can access the room at https://cyberdefenders.org/blueteam-ctf-challenges/99#nav-questions. Shoutout to @HouseOfStark for creating the challenge and also for being so responsive and kind in entertaining questions and inquiries about the challenge on Discord. I’ve had interactions with other creators where they just shrugged their …
How to Setup Your Own Malware Analysis Box – Cuckoo Sandbox
I am writing this blog entry because I know I was not the only one who had trouble setting up my own malware analysis box – Cuckoo. I have tried many tutorials, both written and video recorded, and I could never make it work. Finally, I decided to work on it until I came up …
Continue reading “How to Setup Your Own Malware Analysis Box – Cuckoo Sandbox”
LetsDefend: PDF Analysis
WARNING: Do not open/run the pdf file on your local machine because it is malicious. Use the sandbox to analyze the file. Scenario: An employee has received a suspicious email. The employee reported this incident and mentioned that they did not download or open the attachment as they found the email very suspicious. They wish …
N00b_H@ck3r 
You must be logged in to post a comment.