Brief Setup Hardware: 1x Kali Virtual Machine File Location: /home/kali/Desktop/Malware/FollinaChallenge/sample/sample.doc Questions Question 1) What is the SHA1 hash value of the sample? (Format: SHA1Hash) (1 point) Answer: 06727ffda60359236a8029e0b3e8a0fd11c23313 Question 2) According to VirusTotal, what is the full filetype of the provided sample? (Format: X X X X) (1 point) Answer: Open Office XML Document Question…
The Power of the Incident Response Plan
Incident response is a key element of a SOC, and having the appropriate resources and procedures in place beforehand is vital to responding effectively to incidents. In this article I will be giving a high-level overview of the incident response process and how it affects the SOC’s ability to handle problems. Incident response…
Journey to CYSA+
I am happy to announce I have taken and passed the CYSA+ examination. While I should be relaxing, I’m finding myself in the typical position of being unable to shake the feeling I should be doing something productive, so, inspired by an article I read during my preparation for this exam, I’m…
Web App Vulnerabilities – Types and Safeguarding
As we move on to preparing for the CYSA+ 002 exam I am going to be reinforcing some of my learning by documenting it. Something which I have often struggled with is web attacks and how to recognise them. This is part of objective 1.3 of the CompTIA CYSA+ exam. Types of Web Attacks There are…
Analysis – MOVEit File Transfer Vulnerability
Within the cybersecurity field it is essential to be up to date with current events, especially those with potentially critical impacts on an organisation. As such, with new victims being released every day, I’ve been reading up on this vulnerability and look to cover it to reinforce the learning. What is the MOVEit vulnerability? The MOVEit…
Windows System Processes – what they are and detecting malicious intrusion or fakes
I’m currently learning the ‘Core Windows Processes’ module on TryHackMe, and a topic which stuck out to me is the detection and eradication of malicious Windows processes. For the examples used in this article I have used Process Hacker. What is a malicious Windows process? Commonly deployed as part of a rootkit which compromises…
[THM] OSINT Exercise
Difficulty: Easy Objectives To start this task we are provided with an image. The image is of the Windows XP background. Step 1 – Analysing the Image Since all we have is the image to work from, we’ll start by checking the metadata of the image. A reverse image search may also pull results, however…
[PRACTICE1] – [THM EASY] – Basic Pentesting
Now that we have a basic understanding of enumeration and basic exploiting, I will be starting on some practice sessions. This is one of the basic offerings by TryHackMe and provides an end goal but not instructions. Target IP: 10.10.92.53 Objectives: 1. Find the services exposed by the machine 2. Find the hidden directory 3. Brute force the username/password 4. Locate…
THM – Hacking SQL
Finishing off the extended Network Services section of TryHackMe is SQL. I will cover SQL in a later knowledge article; however, this session will focus on enumerating and exploiting improperly configured SQL servers. Note this is using MySQL. Target IP Address: 10.10.59.74 (IP changed after initial scan) Assumed login details: root:password Footprinting & Enumeration To…
THM – Enumerating and Exploiting a SMTP server
To follow up on today’s knowledge post we are doing some practice on active footprinting, enumerating and exploiting an SMTP server. Target IP Address: 10.10.239.254 Footprinting / Enumeration So to start with we’ll run a port scan. Again, for this we’ll be using nmap. Analysing the output we can see that port 22 and…