I passed the eCTHP exam on 11/22/2025. I am writing about my experience with the course and the exam because I have not seen many posts referencing this certification exam. The Course: Threat Hunting Professional (New!) The course’s instructor is Brian Olliff. It is divided into 6 domains: Introduction to Threat Hunting, Intelligence in Threat …
Tag Archives: writeup
Try Hack Me: Event Horizon
This room was released on 8/8/2025 and is rated HARD in difficulty. Shout-out to the room creator, hadrian3689. You can access the room at https://tryhackme.com/room/eventhorizonroom. This is a blueteam challenge. The skills/tools to be tested and needed to complete this challenge are Traffic Analysis using Wireshark, Debugging/Reverse Engineering using dnSpy, and Encoding/Decoding using CyberChef or Terminal. Scenario: Join Tom and …
LetsDefend: WannaCry Ransomware
LetsDefend rated this challenge as Medium in difficulty. This Blue Team challenge can be accessed at https://app.letsdefend.io/challenge/wannacry-ransomware. I answered the questions in this challenge using the tools Volatility, Oletools, and FTK Imager. I used 2 separate VMs for my analysis. One is a Remnux VM for memory analysis, and the other is a Windows 11 VM to analyze a …
SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints
I am writing this comparison between the FOR500 (GCFE) and 13Cubed Investigating Windows Endpoints based on my experience studying both the study materials and taking their respective certification exams. I sat and passed the GCFE on 8/6/2024: I got certified in Investigating Windows Endpoints on 8/16/2024: First, I want to give a shout-out to Health …
Continue reading “SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints”
LetsDefend: Discord Forensics
When I saw the Discord Forensics challenge on LetsDefend, it reminded me of some recent data leak incidents involving members of the US Air Force using the popular gaming community’s instant messaging and VoIP social platform Discord. And, so, I wanted to try how to investigate Discord artifacts. Below are some of the headlines showing …
CyberDefenders: Ramnit (Memory Forensic Analysis)
It’s been a while since my last blog entry here. I’ve finally been able to catch up with life after returning from deployment. I would also like to take this opportunity to thank all the men and women I got to rub shoulders with, sacrificing their time to serve their country and their fellowmen. You …
Continue reading “CyberDefenders: Ramnit (Memory Forensic Analysis)”
LetsDefend: Ransomware Attack
Scenario: An end-user device was infected by ransomware. A memory dump was captured from the compromised machine, and it is our task as digital forensics investigators to find the evidence of the attack. The memory capture file that was provided to us is in .mans format which is a Mandiant Analysis File. This should give …
Try Hack Me: Traverse
This room was on 8/4/2023 and is rated easy in difficulty. Shout-out to the room creator, @1337rce. You can access the room at https://tryhackme.com/room/traverse. Scenario: Bob is a security engineer at a firm and works closely with the software/DevOps team to develop a tourism web application. Once the website was moved from QA to Production, …
CyberDefenders: AzurePot
This Blue Team challenge was published on April 20, 2023, on CyberDefenders.org. You can access the challenge at https://cyberdefenders.org/blueteam-ctf-challenges/101#nav-overview. Shoutout to Tyler Hudak for creating the challenge. I completed the challenge on the same day it was published. I got so hooked that I didn’t want to stop until I completed it. I rated the …
How To Revoke A Letsencrypt Certificate If You Don’t Have The Account That Issued It Or The Private Key
Have you ever been in a situation where your organization stopped using cloud service and then realized that a valid certificate is still tied to the old IP address that you were assigned? That is the exact situation we were in, a scammy-looking gaming site was using the same IP address that our organization was …
N00b_H@ck3r 
You must be logged in to post a comment.