TB - GNS3 Lab: DHCP Snooping
Lab from Renee Molenaar
TB - GNS3 Lab: Multiple Spanning Tree (MST)
Lab from Renee Molenaar
TB - GNS3 Lab: PAgP LACP Etherchannel
Lab from Renee Molenaar
TB - GNS3 Lab: Private VLAN
Lab from Renee Molenaar NOTE: I know there is a mismatch on interfaces between the fast ethernet and gigabit ethernet in my own topology.
TB - GNS3 Lab: PVRST (Custom Topology) - Verification Guide
Lab from Renee Molenaar
Sherlock Logjammer: Easy
From HTB: “You have been presented with the opportunity to work as a junior DFIR consultant for a big consultancy. However, they have provided a technical assessment for you to complete. The consultancy Forela-Security would like to gauge your Windows Event Log Analysis knowledge. We believe the Cyberjunkie user logged in to his computer and may have taken malicious actions. Please analyze the given event logs and report back.”
TB - GNS3 Lab: Spanning Tree Protocol (STP) with BPDUGuard
Lab from Renee Molenaar
Full Meal: Bumblebee Sherlock
RETIRED: Bumblebee Sherlock Walkthrough
TB - GNS3 Lab: Spanning Tree Protocol (STP) with Loop Guard
Loops
TB - GNS3 Lab: Spanning Tree Protocol (STP) with Root Guard
Rooooooooooooooooooooooot
TB - GNS3 Lab: UDLD
Simulating UDLD Failure in GNS3 Without MAC ACL Support
TB - GNS3 Lab: VACL (VLAN Access Lists) with GNS3Vault
In this blog, I walk through the lab step-by-step and include screenshots to document my process and learning.
TB - GNS3 Lab: VLANs and Trunks (Part 2) with GNS3Vault
In this blog, I walk through the lab step-by-step and include screenshots to document my process and learning.
TB Noxious
LLMNR Poisoning Walkthrough
TB VTP - GNS3 Lab: VLAN Trunking Protocol (VTP) with GNS3Vault
In this blog, I walk through the lab step-by-step and include screenshots to document my process and learning.
TB First GNS3 Topology
Network Simulation
TB Reaper
Scenario: Our SIEM alerted us to a suspicious logon event which needs to be looked at immediately. The alert details were that the IP address and the source workstation name were a mismatch. You are provided a network capture and event logs from the surrounding time around the incident. Correlate the given evidence and report back to your SOC Manager.
TB PCAP
What is PCAP (Packet Capture)?
TB Crown Jewel 1 + 2
Adding notes for the future on ntds.dit while completing some Sherlocks to help solidify my understanding of event logs.
TB Event Logs
An event log is a file that contains information about usage and operations of operating systems,
Sherlock Loggy: Very Easy
From the HTB website, our scenario: “Janice from accounting is beside herself! She was contacted by the SOC to tell her that her work credentials were found on the dark web by the threat intel team. We managed to recover some files from her machine and sent them to our REM analyst.”
Sherlock Origins: Very Easy
From the HTB website, our scenario: “A major incident has recently occurred at Forela. Approximately 20 GB of data were stolen from internal s3 buckets and the attackers are now extorting Forela. During the root cause analysis, an FTP server was suspected to be the source of the attack. It was found that this server was also compromised and some data was stolen, leading to further compromises throughout the environment. You are provided with a minimal PCAP file. Your goal is to find evidence of brute force and data exfiltration.”
Sherlock Brutus: Very Easy
From the HTB website, our scenario: “You will familiarize yourself with Unix auth.log and wtmp logs. We’ll explore a scenario where a Confluence server was brute-forced via its SSH service. After gaining access to the server, the attacker performed additional activities, which we can track using auth.log. Although auth.log is primarily used for brute-force analysis, we will delve into the full potential of this artifact in our investigation, including aspects of privilege escalation, persistence, and even some visibility into command execution.”
Incident Handling Process Module: notes
Incidents are not a question of “if” but “when.”
CCNA Super Study Guide: Section 6
Space to dump notes for CCNA
CCNA Super Study Guide: Section 5
Space to dump notes for CCNA
CCNA Super Study Guide: Section 4
Space to dump notes for CCNA
CCNA Super Study Guide: Section 3
Space to dump notes for CCNA
CCNA Super Study Guide: Section 2
Space to dump notes for CCNA
CCNA Super Study Guide: Section 1
Space to dump notes for CCNA
TidBit 20
Going through a digital forensics module in HTB.
TidBit 19
Completing the Yara and Sigma room in HTB. Almost full module walkthrough…
TidBit 12
I have suspended my subscription to TryHackMe for a little while so I can experience other platforms.
TidBit 11
I am trying out the Anonforce room on TryHackMe.
TidBit 10
I’m doing another TryHackMe room for practice. The room I’m completing is Crack That Hash, which is just a hands-on-learning room to crack hashes as practice.
Yara Room Walkthrough
YARA is a tool used to identify and classify malware by creating rules that describe patterns found in malicious files. It helps cybersecurity professionals detect and analyze malware by matching these patterns against a set of predefined rules.
Azure Sentinel Lab
Project includes the setup of Azure Sentinel (SIEM) and its connection to a live virtual machine acting as a honeypot. I observed live attacks (RDP brute force) from all around the world. I used a custom PowerShell script (provided by Josh Madakor) to look up the attackers’ geolocation information and plot it on the Azure Sentinel map. Also thanks to Nirakar Sapkota for the query script.
CI/CD Pipeline Room Walkthrough
This project consists of practicing the following: exploring what it takes to secure a DevOps pipeline and the builds it produces; understanding the potential risks and consequences of insecure build processes; and exploring common insecurities and how threat actors can exploit these to compromise not only the process, but also production systems.
TidBit 9
I have been trying the Hacker101.io website. It lets me know that I have no idea what I’m doing and I need to learn more about Burpsuite.
Nessus Vulnerability Management Lab
We will be using Nessus Essentials to scan local VMs hosted on VMware Workstation in order to run credentialed scans to discover vulnerabilities, remediate some of the vulnerabilities, then perform a rescan to verify remediation.
TryHackMe's SOC Analyst Level 1 Path
This project consists of practicing the following: monitoring and investigating alerts, configuring and managing security tools, and developing and implementing IDS signatures. This learning path is created by the team at TryHackMe; at the end of the journey, the reward is satisfaction and a cert to show your friends.
Active Directory Home Lab
Project consists of creating an Active Directory home lab environment using Oracle VirtualBox. Configuring and running the lab allows me to develop my understanding of how Active Directory and Windows networking work.
Visual Packet Tracer
The main purpose of this project is to map the IP addresses from a Wireshark packet capture taken on the user’s computer. By inputting the public IP addresses from the Wireshark packet capture, we are able to map in Google Maps where our traffic is coming from.
TidBit XSS
I am wanting to complete the XSS room on THM but I am having to do about 5 pre-requisite rooms to complete it.
Snort Room Walkthrough
Snort is an open-source intrusion detection and prevention system (IDS/IPS) that monitors network traffic in real time, analyzing packets for signs of malicious activity. It uses predefined rules to detect threats and can alert on or block suspicious network activity.
Download File Cleanup
How many times can you say the word download in one post.