Feb 4 · 3 min read · Questions: According to the sources cited by Mitre, in what year did the Sandworm Team begin operations? Pretty straightforward. Just google Sandworm Team and you’ll find the MITRE listing about them. Answer: 2009 Mitre notes two credential access ...
Feb 3 · 4 min read · Questions: According to MITRE ATT&CK, what previously known malware does DRATzarus share similarities with? Look up DRATzarus on the MITRE ATT&CK website. You’ll find the answer in the first para itself. Answer: Bankshot Which Windows API functio...
Feb 2 · 4 min read · Introduction I recently signed up for TryHackMe to learn some basic pen-testing skills and improve my Linux knowledge. Besides targeted training courses, the platform offers challenges of varying difficulty levels and topics. A cool feature is that y...
Jan 3 · 3 min read · LINK - https://tryhackme.com/room/colddboxeasy OVERVIEW We are given an IP Address Let’s scan it using NMAP ENUMERATION So we have two open ports PORT 80 and PORT 4512 of web and ssh respectively. Also we can see the website is running WordPress 4.1...
Jan 2 · 2 min read · Decrypting PS script: First things first, before starting our analysis, we’re supposed to decrypt the PowerShell command that has been given to us in our challenge question. Naturally, I tried using Base64 and Base85 but that didn’t seem to work. I t...
Sep 23, 2025 · 2 min read · Questions: Which Linux distribution is being used on this machine? To find this, first extract the zip file and open the .ad1 file on FTKImager. Then, search through the boot files to find the distribution being used. Answer: Kali What is the MD5...
Sep 23, 2025 · 4 min read · Questions: After flooding the IIS host with rapid-fire probes, the attacker reveals their origin. Which IP address generated this reconnaissance traffic? IIS is a flexible and extensible web server software developed by Microsoft for Windows operat...
Sep 22, 2025 · 3 min read · Questions: What is the MD5 hash of the potentially malicious EXE file the user downloaded? Since the question asks us for the hash of the downloaded file, we can navigate to the Downloads folder to find the suspicious file. The file has a double exte...
Sep 20, 2025 · 3 min read · Questions: What is the username of the first person who accessed our server? We can find this easily by using the smb2 filter on Wireshark Answer: mrealman What is the password of the user in question 1? For this, we can use pypykatz to find the...