Try Hack Me: H4cked

This room is one of the easiest rooms I’ve seen on Try Hack Me. The skills/tools to be tested and needed to finish this room are: FTP, Hydra, Web Shell, Netcat, Reverse Shell, and Wireshark. The room’s creator is @toxicat0r. You can access the room at https://tryhackme.com/room/h4cked. I was assigned a target IP address of …

Well-Crafted Spear-Phishing Caught by our SEG

One or more employees of a Healthcare System had their email account(s) taken over by malicious user(s). An email was sent to some of our employees; luckily, our SEG positively identified the email as a spear-phishing attempt. The malicious emails were automatically quarantined, but I went ahead and looked it up anyway as I was …

Why Do I Keep On Studying For Degrees And Certifications? (My zero to hero in cyber security)

Originally posted on 4/24/2020, but decided to add this here on my blog. Today (10/27/2020) was supposed to be the day I would finally put the cap on, walk, and formally be awarded the Master of Science degree in Cyber Security and Information Assurance from Southern Utah University. Unfortunately, due to COVID-19, the …

Try Hack Me: Poster

The skills to be tested and needed to solve this room are: rdbms, postgresql, nmap, Metasploit, privilege escalation, SSH, find and enumeration. This room was released today, 9/11/2020. Shout-out to the room creator, @stuxnet. You can access the room at https://tryhackme.com/roomposter. I was assigned a target IP address of 10.10.66.128. You will be assigned a …

Try Hack Me: RootMe

The skills to be tested and needed to solve this room are: nmap, GoBuster, privilege escalation, SUID, find, webshell, and gtfobins. This room was released today, 9/9/2020. Shout-out to the room creator, @reddyyZ. You can access the room at https://tryhackme.com/room/rootme. I was assigned a target IP address of 10.10.177.208. You will be assigned a different …

Try Hack Me: GamingServer

The skills to be tested and needed to solve this room are: nmap, GoBuster, lxd, privilege escalation, local web server, ssh2john, and John. This room was released on 8/30/2020. The initial foothold to me was super easy, but I struggled with the privilege escalation in exploiting lxd. I was really excited because in one of …

Try Hack Me: Kiba

The skills to be tested and needed to solve this room are: rustscan, CVE, capabilities, privilege escalation, reverse-shell, and nc (netcat). This room was released today, 8/28/2020, and I wanted to see if I could crack it. It took me less than 30 minutes to retrieve the root flag. This is also the first time …

Try Hack Me: Tartarus

The skills to be tested and needed to solve this room are: nmap, gobuster, hydra, burp suite, privilege escalation, cron jobs, and nc (netcat). This room has three privilege escalations: two horizontal lateral movements, and the last one obviously is vertical. This room was released on 8/13/2020, and I wanted to try if I can …

Real World “Credential-Stealing” Phishing Email SEG-Missed

We have heard many times that Email Phishing and Social Engineering are the hardest threat vectors to remediate. Or should I say, there is no perfect solution against them since they target end users and their security awareness. Not even the cybersecurity training firm giant, SANS, is exempt from falling victim to a phishing …

Try Hack Me: Overpass 2 – Hacked

The skills to be tested and needed to solve this room are: Forensics, Wireshark, Hashcat, John, Hydra, and SUID. Analyzing the PCAP using Wireshark was a great review for me. Cracking the hash with the salt made me do extra research on how to identify hashes and which hash-type to use to crack them. …