State of the Homelab

My homelab has undergone some pretty massive changes since Christmas. I got some gifts that really bolstered my homelab, and expanded my capability to self-host various services and tinker with different kinds of hardware. There will be a few posts on this considering the additional hardware, software, and organizational changes

THM - Advent of Cyber [Day 24]

This is the last event in THM’s Advent of Cyber event. I was unable to get it done on the day it came out since I was with family for Christmas, but I have until the 27th to get everything done for a chance at some of the sweet

THM - Advent of Cyber [Day 23]

This task involves more investigation of PowerShell logging. This seems very familiar considering the Day 8 challenge was digging into PowerShell logs as well. On a normal windows box, you would go into event viewer to check out logs, but it for the purposes of this task a third party

THM - Advent of Cyber [Day 22]

Obfuscation and investigation of some malicious Microsoft office macros are the focus of the task today. We’ll be using oledump.py to investigate the office files. Office files, interestingly enough, are actually more like zipped files, but instead of zip, they are OLE. We’ll be looking at base64

THM - Advent of Cyber [Day 21]

The task for today deals with Yara and Yara rules, which are a way of automating virus detection. We can setup Yara rules to search for and detect families of viruses. Here’s an example of a Yara rule: rule rulename { meta: author = "tryhackme" description = "test rule" created = "11/12/

THM - Advent of Cyber [Day 20]

Today’s task is about finding and dealing with viruses and antiviruses. This task has us run the file command in linux to help ID the file type that we’re dealing with. It also prompts us to use the strings command. This will help to see specific strings associated

THM - Advent of Cyber [Day 19]

Phishing is the focus of the task for the 19th. Phishing is a common attack vector, and one that to be honest I haven’t had a lot of experience with considering that most ctfs don’t deal with them. Phishing is an attempt to get a foothold into a

THM - Advent of Cyber [Day 18]

today’s task, or rather yesterday’s, is about docker! I’m excited about this because my new homelab setup (writeup coming soon) relies on proxmox and docker for basically everything. I’ve been messing around a lot with docker recently, and I’m excited to not only test my

THM - Advent of Cyber [Day 17]

Sometimes users in an enterprise network, in an effort to get their job quicker or get around security implementations in the production network, will use public cloud based services to get their job done quicker. This is obviously not best practice, and even has a name, Shadow IT. This is

THM - Advent of Cyber [Day 15 & 16]

Day 15 Today’s task is a break about what kind of security roles there are available, which actually works out perfectly for me considering that last night I ended up working late and couldn’t get to posting a write up anyway. Unfortunately I also lost my streak so

THM - Advent of Cyber [Day 14]

Today’s task is about DevOps which is a mix of development and IT operations in an effort to shorten development times on software. Specifically, this task deals with the ideas of continuous integration, continuous delivery in DevOps. This is also known as CI/CD. * CI is storing all code

THM - Advent of Cyber [Day 13]

Today’s task involves walking through a privilege escalation of a windows machine. We get a rundown of different type of accounts in a Windows environment. The task describes three types of accounts on a Windows Server: 1. Domain Admin – this is the highest account type that can manage all

THM - Advent of Cyber [Day 12]

The task today involves using nmap to scan a vulnerable system, discovering an NFS share, and mounting that share so that we can access it on our attacking machine. Here’s the typical nmap scan that I use when I decide not to run threader3000: nmap-sV -sC -T4 -Pn -oA

THM - Advent of Cyber [Day 11]

Today’s task deals with databases again, only this time, it deals with MySQL which is a Relational Database Management System (RDMS). The task does a good job of explaining what a relational database is by giving an example of a workshop with tables that have interconnected relationships. I like

THM - Advent of Cyber [Day 10]

Today’s task involves a good review of some basic concepts such as IP addressing, network protocols, and common network ports. In my opinion, you can never have enough review of the basics. I’m a firm believer in repetition being the mother of all learning. This task also deals

THM - Advent of Cyber [Day 9]

Today’s task is all about packet analysis. Being able to diagnose network issues via packet analyzation is an invaluable skill for IT professionals. For attackers, if there is any data traveling over a network via insecure protocols (ie HHTP instead of HTTPS), that could be caught by a packet

THM - Advent of Cyber [Day 8]

Today’s task involves the wonderful world of windows and digging through some PowerShell Transcription logs. Apparently someone at Grinch Enterprises has stolen Santa’s laptop and the only clues we have are some old PS transcription logs. I’m excited for this one because since getting my system admin

THM - Advent of Cyber [Day 7]

Today’s task deals with databases. I don’t know too much about databases, so I’m excited to learn something new today. The task deals mainly with NoSQL (non SQL) databases and specifically a type of NoSQL database called Mongo DB. The naming scheme is different between SQL and

THM - Advent of Cyber [Day 6]

Today’s task is about LFI or Local File Inclusion. LFI vulnerabilities are quite common in ctfs so I feel at home with this task. An LFI vulnerability allows attackers to read files that are stored locally on the server that were not meant to be accessed. Obviously this is

THM - Advent of Cyber [Day 5]

Today’s task deals with XSS (Cross Site Scripting). XSS is when malicious JavaScript is injected into a web app and can sometimes be executed by other users depending on the type of XSS. The task describes the four types of XSS vulnerabilities: DOM, reflected, stored, and blind. DOM Document

THM - Advent of Cyber [Day 4]

Today’s task involves using burpsuite. Towards my last stint of doing ctfs and playing around with info sec tools, I was starting to really dig into the power of burpsuite. I remember THM’s burpsuite room being a good introduction. It also seems like they now have a series

THM - Advent of Cyber [Day 3]

This task deals with content discovery. It begins by mentioning that content includes assets and the backend of applications. Web servers serve files unless specified not to. Attackers can take advantage of this by gaining access to content that wasn’t intended to be accessed. They can gain access to

THM - Advent of Cyber [Day 2]

This task is about web exploitation, specifically cookies and exploiting authentication through them. It talks about HTTP requests, methods, headers and of course cookies. It talks about GET requests and how those are typical when you’re loading something on a webpage. It also mentions HTML being the “language of

THM - Advent of Cyber [Day 1]

Last year I participated in the Advent of Cyber event on TryHackMe. I learned a lot from this event, and  I was happy to see that they are continuing the Advent of Cyber series this year as well. I only have two regrets from last year. The first was that

Ansible

Recently at my job I’ve been working with Ansible, which is an IT automation technology that is capable of issuing commands to multiple servers utilizing ssh. Because it utilizes ssh, it does not require any extra packages installed on target boxes. Ansible “scripts” are called playbooks, which are written