Recent
(Writeup) HackTheBox Labs - Machine - Expressway
Easy Linux Box. Exploiting IKE Aggressive Mode to capture and crack a VPN PSK hash, then abusing a sudo CVE for root.
(Writeup) LetsDefend Challenge - Brute Force Attacks
Analyzing a PCAP and Linux auth.log to investigate HTTP, RDP, and SSH brute-force activity, identifying successful credential compromise, and quantifying failed login attempts.
(Writeup) LetsDefend EventID: 76 - [SOC137 - Malicious File/Script Download Attempt]
Investigating a malicious DOCM download attempt, validating the file hash via VirusTotal, confirming no execution or C2 communication occurred, and verifying the threat was successfully blocked before impact.
(Writeup) LetsDefend EventID: 75 - [SOC105 - Requested T.I. URL address]
Investigating a threat intelligence alert triggered by a bit.ly URL, expanding the shortened link to its final destination, validating reputation across VirusTotal, and confirming the traffic was legitimate mobile application activity before closing as a false positive.
(Writeup) LetsDefend EventID: 28 - [SOC105 - Requested T.I. URL address]
Investigating a threat intelligence alert tied to a known malicious URL, validating indicators across external and internal TI sources, correlating proxy and endpoint logs, and determining the activity was part of an authorized internal firewall test.