Tcpdump
Tcpdump Packet Filtering Tcpdump provides a robust and efficient way to parse the data included in our captures via packet filters. This section will examine those filters and get a glimpse at how ...
Summary Introduction: In this memory analysis report, we delve into the identification and investigation of a suspicious process detected within the system’s memory. By leveraging the Volatility f...
What is the SHA1 hash of Triage-Memory.mem (memory dump)? c95e8cc8c946f95a109ea8e47a6800de10a27abd What volatility profile is the most appropriate for this machine? (ex: Win10x86_14393) using vol...
Challenge Details: It is common for threat actors to utilize living off the land (LOTL) techniques, such as the execution of PowerShell to further their attacks and transition from macro code. This...
Analysing Malicious PDF’s Here we are again, delving into the realm of analyzing malicious PDF files. It’s crucial to recognize that PDFs can harbor various other types of code, all capable of execu...
Introduction The expected outcome of this room is to determine if a document is indeed malicious and then look for the following indicators: Presence of Malicious URLs References to File Nam...
Holo is an Active Directory and Web Application attack lab that teaches core web attack vectors and advanced\obscure Active Directory attacks along with general red teaming methodology and concep...
Machine abstract Skills Learned Exploitation method 1 Enumeration Nmap with the command nmap -sC -sV -A -oN nmap.scans -vv 10.10.10.37 ┌──(root㉿kali)-[/home/…/Documents/CTFs/HackTheBox/Blo...
Machine abstract MetaTwo is a Linux machine presenting an entry-level challenge. The website, powered by WordPress, employs a plugin susceptible to unauthenticated SQL injection (CVE-2022-0739). T...
Machine abstract This Linux system hosts a web application capable of generating PDF files from websites using pdfkit. Unfortunately, a vulnerability in pdfkit exposes the application to Command I...