Welcome to my CTF Writeups repository! Here, I document the solutions and methodologies used to solve various Capture The Flag (CTF) challenges. This repository is intended to serve as a learning resource for others interested in cybersecurity and CTF competitions. CTF competitions are a popular way to practise and improve cybersecurity skills: they present challenges that require problem-solving, creativity, and technical knowledge.
The writeups in this repository (located in the "writeups" folder) are categorised by the nature of the challenge. Each writeup gives a step-by-step solution along with explanations of the tools and techniques used. The difficulty shown for each challenge is the difficulty assigned by the platform hosting the challenge/lab/CTF, so take it with a grain of salt: some challenges rated hard are actually easy, and vice versa. The rating is out of 5 stars and reflects the quality and realism of the challenge rather than simply whether I enjoyed it (some personal bias is of course unavoidable); 5 stars is an excellent challenge, 1 star a poor one.
Disclaimer: in all honesty, some of these writeups are written poorly, mainly because I complete the challenges to learn practical skills, not to practise reporting. For well-written writeups, I recommend reading my most recent ones.
I recommend starting with the easy or medium rated challenges; for the most part there is honestly little difference between the two ratings. You can find challenges of a given difficulty by pressing CTRL + F and searching for one of the following tags:
- 🟢 Easy
- 🟡 Medium
- 🔴 Hard
When it comes to which platform to use, that depends on your interests and skill level. For DFIR (digital forensics and incident response) and CTI (cyber threat intelligence) challenges I highly recommend CyberDefenders, as it provides the most realistic challenges and often requires the use of VMs or a home lab. If you are a beginner, TryHackMe is a great place to start, as it usually provides a VM, or you can use the AttackBox, which comes preinstalled with a range of tools. Lastly, if you are interested in becoming a blue teamer (strictly SOC operations), I recommend checking out Blue Team Labs Online (BTLO).
## Contents

- Endpoint Forensics
- Network Forensics
- Mobile Forensics
- IDS/IPS
- SIEM (ELK, Splunk, etc.)
- Cyber Threat Intelligence (CTI)
- Email Analysis
- Malware Analysis
- Reverse Engineering
- Pentesting
- Tools Used
- Personal Platform Profiles
## Endpoint Forensics

These challenges mainly involve investigating compromised endpoints, primarily Windows and Linux, using a variety of disk, memory, event log and registry forensic tools.

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| KioskExpo7 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, Registry Explorer, MFTECmd, Timeline Explorer, PECmd, Notepad++, R-Studio, MFT Explorer |
| XMRig Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Built-in Linux Tools, VirusTotal, PhotoRec, Linux Forensics |
| ConfluenceRCE Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | grep, uniq, cut, VirusTotal, Built-in Linux Tools, Linux Forensics |
| Stealthy Ascent Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | Built-in Linux Tools, Linux Forensics |
| RepoReaper Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | FTK Imager, DB Browser for SQLite, DCode, Event Log Explorer, MFTECmd, Timeline Explorer, VirusTotal, Registry Explorer, PECmd, UAC Bypass, Privilege Escalation |
| Maranhao Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | FTK Imager, EvtxECmd, Timeline Explorer, DB Browser for SQLite, MFTECmd, VirusTotal, Infostealer |
| TheTruth Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Autopsy, DB Browser for SQLite, DCode, JADX, Mobile Forensics, Android Forensics |
| Malicious PyPi Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Notepad++, Event Log Explorer, EvtxECmd, Timeline Explorer, ProcMon, Registry Explorer, PECmd, VirusTotal |
| Job Trap Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, DB Browser for SQLite, DCode, olevba, EvtxECmd, Timeline Explorer, Notepad++ |
| Andromeda Bot Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | MemProcFS, EvtxECmd, Timeline Explorer, VirusTotal, Memory Forensics |
| T1598.002 Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | oledump, Google Admin Toolbox Messageheader |
| RevengeHotels APT Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, Event Log Explorer, Timeline Explorer, EvtxECmd, dnSpy, CyberChef |
| BankingTroubles Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | Volatility 2, Strings, Foremost, peepdf, pdf-parser, jsunpack, Memory Forensics |
| MrRobot Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 2, Outlook Forensics Wizard, R-Studio, Strings, Notepad++, VirusTotal, Process Injection, Process Hollowing, Memory Forensics |
| Chollima Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | MemProcFS, CyberChef, Strings, Memory Forensics |
| Chollima Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, Event Log Explorer, Timeline Explorer, MFTECmd, VirusTotal, Notepad++, Registry Explorer, Python Analysis |
| PwnedDC Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | Event Log Explorer, Arsenal Image Mounter, Outlook Forensics Wizard, olevba, scdbg, Volatility 2, ClamScan, VirusTotal, HxD, Resource Hacker, Strings, Python, VBA Stomping, YARA |
| DetectLog4j Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Arsenal Image Mounter, Registry Explorer, Event Log Explorer, CyberChef, FakeNet, Java Decompiler, VirusTotal, dnSpy, CVE-2021-44228 |
| Szechuan Sauce Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, Arsenal Image Mounter, Registry Explorer, EvtxECmd, Timeline Explorer, VirusTotal, Wireshark, NetworkMiner, DSInternals PowerShell framework, CrackStation, Event Log Explorer, FTK Imager, Credential Dumping |
| Zerologon Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | MFTECmd, Timeline Explorer, LECmd, EvtxECmd, CyberChef, Notepad++, Event Log Explorer, Windows Forensics |
| Phishy Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, Autopsy, Registry Explorer, WhatsApp Viewer, CyberChef, olevba, oledump.py, BrowsingHistoryView, PasswordFox, VirusTotal, Windows Forensics, Macro Analysis |
| Hammered Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Linux Command Line Tools, Linux Forensics |
| SpottedInTheWild Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | Arsenal Image Mounter, PECmd, MFTECmd, EvtxECmd, Timeline Explorer, Strings, CyberChef, ANY.RUN, CVE-2023-38831, bitsadmin, Windows Forensics |
| Akira Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, MemProcFS, EvtxECmd, Timeline Explorer, Strings, Text Editor, Windows Forensics, PsExec |
| IcedID 2 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | Volatility 3, MemProcFS, Text Editor, VirusTotal, Windows Forensics |
| MinerHunt Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, VirusTotal, Windows Forensics, Microsoft SQL Server, IFEO, WMI |
| LummaStealer Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, DB Browser for SQLite, Windows Forensics |
| VaultBreak Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, EvtxECmd, Timeline Explorer, MFTECmd, Windows Forensics, WMI, Scheduled Tasks |
| IronShade | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | Bash, Linux Forensics |
| Hunter Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, Registry Explorer, DCode, EvtxECmd, Timeline Explorer, PECmd, Sublime, DB Browser for SQLite, SysTools Outlook PST Viewer, ShellBags Explorer, JumpList Explorer, Windows Forensics |
| CrownJewel1 | HackTheBox | 🟢 Easy | ⭐⭐⭐⭐⭐ | Hayabusa, Timeline Explorer, EvtxECmd, MFTECmd, Event Viewer, ntds.dit, Volume Shadow Copies |
| Lockbit Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, Notepad++, VirusTotal |
| DarkCrystal Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, Timeline Explorer, EvtxECmd |
| QBot Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, VirusTotal, Malicious Excel Document |
| ELPACO-team Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, MFTECmd, VirusTotal |
| Retracted | TryHackMe | 🟢 Easy | ⭐⭐ | Event Viewer |
| Unattended | TryHackMe | 🟡 Medium | ⭐⭐⭐ | Registry Explorer, Autopsy |
| Disgruntled | TryHackMe | 🟢 Easy | ⭐ | cat |
| Secret Recipe | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | Registry Explorer |
| Critical | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Volatility 3, strings |
| Tempest | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Timeline Explorer, Wireshark, Brim, CyberChef, VirusTotal |
| Boogeyman 2 | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | text editor, olevba, Volatility 2 |
| Ramnit | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 3, VirusTotal |
| Reveal | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 3, Timeline Explorer, VirusTotal |
| FakeGPT | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | ExtAnalysis, CyberChef |
| Brave | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐ | Volatility 3, HxD |
| Redline | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 3, Timeline Explorer, VirusTotal |
| Memory Analysis | LetsDefend | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, VirusTotal, CrackStation |
| Lockbit | LetsDefend | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 3, VirusTotal |
| WinRar 0-Day | LetsDefend | 🟡 Medium | ⭐⭐⭐ | Volatility 3, CyberChef |
| BlackEnergy Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | Volatility 3, Timeline Explorer, VirusTotal |
| Memory Analysis - Ransomware | BTLO | 🟡 Medium | ⭐⭐⭐⭐ | Volatility 3 |
| Tardigrade | TryHackMe | 🟡 Medium | ⭐ | Linux command line |
| Sysinternals | CyberDefenders | 🟡 Medium | ⭐⭐ | Autopsy, AppCompatCacheParser, AmcacheParser, VirusTotal |
| REvil Corp | TryHackMe | 🟡 Medium | ⭐⭐⭐ | Redline, VirusTotal |
| Forensics | TryHackMe | 🔴 Hard | ⭐⭐⭐⭐⭐ | Volatility 3, strings |
| Dead End? | TryHackMe | 🔴 Hard | ⭐⭐⭐ | Volatility 3, FTK Imager, VirusTotal |
| Insider Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐ | FTK Imager |
| Seized Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | Volatility 3, strings |
| Browser Forensics - Cryptominer | BTLO | 🟢 Easy | ⭐⭐⭐ | FTK Imager |
| Kraken Keylogger Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | DB Browser for SQLite, LECmd, text editor |
| HireMe Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐ | FTK Imager, Registry Explorer, LECmd, RegRipper, OST Viewer |
| DumpMe Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 2, VirusTotal |
| AfricanFalls Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | FTK Imager, rifiuti2, BrowsingHistoryView, PECmd, ShellBags Explorer |
| Injector Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, Volatility 3, Registry Explorer, cut |
| NintendoHunt Lab | CyberDefenders | 🔴 Hard | ⭐⭐ | Volatility 2, Strings |
| DeepDive Lab | CyberDefenders | 🔴 Hard | ⭐⭐ | Volatility 2, VirusTotal |
| CorporateSecrets Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, MFTECmd, Timeline Explorer, RegRipper, PECmd |
| Bruteforce | BTLO | 🟡 Medium | ⭐⭐⭐⭐⭐ | Timeline Explorer, cat |
| Silent Breach | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, BrowsingHistoryView, DB Browser for SQLite, Strings, grep |
| Amadey Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐ | Volatility 3 |
| DiskFiltration | TryHackMe | 🔴 Hard | ⭐⭐⭐⭐ | Autopsy, Timeline Explorer, MFTECmd, ExifTool, HxD |
| Volatility Traces Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Volatility 3, Defense Evasion |
| MeteorHit Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Registry Explorer, Timeline Explorer, EvtxECmd, MFTECmd, VirusTotal, NTFS Forensics, Sysmon, Defense Evasion |
| Fog Ransomware Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, MFTECmd, Timeline Explorer, EvtxECmd, VirusTotal |
| NetX-Support Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, FTK Imager, MFTECmd, EvtxECmd, PECmd, CyberChef, Registry Explorer, LECmd |
| Beta Gamer Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, FTK Imager, MFTECmd, EvtxECmd |
| Trigona Ransomware Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, Registry Explorer, MFTECmd, PECmd, AmcacheParser |
| Deep Blue | BTLO | 🟢 Easy | ⭐⭐⭐ | DeepBlueCLI, Event Viewer |
| Brutus | HackTheBox | 🟢 Easy | ⭐⭐⭐⭐⭐ | grep, awk, sed, sort, uniq, last, auth.log, wtmp |
| Crownjewel-2 | HackTheBox | 🟢 Easy | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer |
| Operation Blackout 2025: Phantom Check | HackTheBox | 🟢 Easy | ⭐⭐ | EvtxECmd, Timeline Explorer |
## Network Forensics

This category focuses on packet analysis of PCAP files and Zeek logs. Tools like Wireshark, Zeek, Brim (now Zui) and NetworkMiner are frequently used.
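As an added example (not code from this repository or from any of the labs), here is a small Python parser for Zeek's `conn.log` that answers the questions these network writeups keep coming back to: which host moved the most data, which flows lived unusually long (a first cut for C2 channels and tunnels), and which connections never completed (a cluster of these usually means scanning). The sample log is constructed, uses documentation IP ranges, and carries only a subset of the real `conn.log` columns; the parser itself honours the `#fields`, `#types` and `#unset_field` directives exactly as Zeek writes them, so it works on a real log too.

```python
"""Parse a Zeek conn.log and pull out top talkers, long-lived flows and failed connections."""
from collections import defaultdict

# Constructed sample conn.log in Zeek's TSV format (abbreviated field set).
# Addresses are documentation ranges; this is not data from any lab.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring"
    "\tinterval\tcount\tcount\tstring",
    "1700000000.000000\tCabc1\t10.0.0.5\t49152\t203.0.113.10\t443\ttcp\tssl\t3600.5\t1048576\t2048\tSF",
    "1700000010.000000\tCabc2\t10.0.0.5\t49153\t203.0.113.10\t443\ttcp\tssl\t0.2\t512\t1024\tSF",
    "1700000020.000000\tCabc3\t10.0.0.7\t53000\t198.51.100.2\t80\ttcp\thttp\t1.5\t300\t4500\tSF",
    "1700000030.000000\tCabc4\t10.0.0.5\t49154\t203.0.113.10\t443\ttcp\t-\t-\t-\t-\tS0",
    "#close\t2023-11-14-22-13-50",
])

# How Zeek's declared column types map onto Python types; anything else stays a str.
ZEEK_TYPES = {"time": float, "interval": float, "count": int, "int": int, "port": int}


def parse_zeek_log(text):
    """Return one dict per record, honouring the #fields, #types and #unset_field directives."""
    fields, types, unset = [], [], "-"
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            parts = line.split("\t")
            if parts[0] == "#fields":
                fields = parts[1:]
            elif parts[0] == "#types":
                types = parts[1:]
            elif parts[0] == "#unset_field":
                unset = parts[1]
            continue  # #separator, #path, #close etc. carry no records
        if not fields:
            raise ValueError("data row encountered before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        record = {}
        for i, (name, value) in enumerate(zip(fields, values)):
            typ = types[i] if i < len(types) else "string"
            # Unset fields ('-') become None so they cannot be mistaken for zero.
            record[name] = None if value == unset else ZEEK_TYPES.get(typ, str)(value)
        records.append(record)
    return records


def bytes_by_host(records):
    """Total bytes in both directions per originating host, largest first."""
    totals = defaultdict(int)
    for r in records:
        totals[r["id.orig_h"]] += (r["orig_bytes"] or 0) + (r["resp_bytes"] or 0)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def long_connections(records, min_seconds=3600):
    """UIDs of flows that lasted at least min_seconds."""
    return [r["uid"] for r in records if (r["duration"] or 0) >= min_seconds]


def failed_connections(records):
    """UIDs that never completed: S0 (SYN, no reply) or REJ (actively rejected)."""
    return [r["uid"] for r in records if r["conn_state"] in {"S0", "REJ"}]


if __name__ == "__main__":
    recs = parse_zeek_log(SAMPLE_CONN_LOG)
    for host, total in bytes_by_host(recs):
        print(f"{host:<16}{total:>12} bytes")
    print("long-lived:", long_connections(recs))
    print("failed:", failed_connections(recs))
```

On a real investigation you would pivot from the UIDs this returns into `ssl.log`, `http.log` or `dns.log`, which share the same `uid` column, to see what the long-lived or failed flows were actually doing.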

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| XXE Infiltration Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, Zui |
| JetBrains Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, Zui, CVE-2024-27198 |
| Openfire Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, Zui, CyberChef, CVE-2023-32315 |
| Trident Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal, IDA Pro, scdbg, CVE-2021-40444, Shellcode Analysis |
| NukeTheBrowser Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | Wireshark, Zui, VirusTotal, scdbg, CVE-2005-2127, Shellcode Analysis |
| HoneyBOT Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal, scdbg, CVE-2003-0533, Shellcode Analysis |
| Malware Traffic Analysis 5 Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | Wireshark, Zui, VirusTotal, oledump, Thunderbird |
| Malware Traffic Analysis 4 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal |
| Malware Traffic Analysis 3 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal, GHex, pesec, Python |
| Malware Traffic Analysis 2 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal |
| Malware Traffic Analysis 1 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal |
| WireDive Lab | CyberDefenders | 🟡 Medium | ⭐ | Wireshark |
| Acoustic Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | Wireshark, Zui, VoIP, Command Line |
| RetailBreach Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, Zui, CyberChef, VirusTotal |
| RCEMiner Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, VirusTotal |
| BlueSky Ransomware Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, Event Log Explorer, CyberChef, VirusTotal |
| HawkEye Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal |
| PacketMaze Lab | CyberDefenders | 🟡 Medium | ⭐ | Wireshark, NetworkMiner |
| Boogeyman 1 | TryHackMe | 🟡 Medium | ⭐⭐⭐ | Thunderbird, lnkparse, cat, Wireshark |
| PacketDetective | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Wireshark |
| DanaBot | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Wireshark, VirusTotal, NetworkMiner |
| Web Investigation | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, MaxMind GeoIP database |
| WebStrike | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Wireshark |
| PoisonedCredentials | CyberDefenders | 🟢 Easy | ⭐⭐ | Wireshark |
| TomCat Takeover | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark |
| PsExec Hunt | CyberDefenders | 🟢 Easy | ⭐⭐⭐ | Wireshark |
| Shellshock Attack | LetsDefend | 🟢 Easy | ⭐ | Wireshark |
| HTTP Basic Auth | LetsDefend | 🟢 Easy | ⭐⭐ | Wireshark |
| Brute Force Attack | LetsDefend | 🟡 Medium | ⭐⭐⭐⭐ | Wireshark, cat, grep |
| OpenWire Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐ | Wireshark |
| Network Analysis - Web Shell | BTLO | 🟢 Easy | ⭐⭐⭐⭐ | Wireshark |
| XMLRat Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, VirusTotal, CyberChef |
| Network Analysis - Ransomware | BTLO | 🟡 Medium | ⭐⭐ | Wireshark |
| l337 S4uc3 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, NetworkMiner, Brim, Volatility 2 |
| Piggy | BTLO | 🟢 Easy | ⭐⭐⭐ | Wireshark, VirusTotal |
| Shiba Insider | BTLO | 🟢 Easy | ⭐⭐ | Wireshark, ExifTool |
| TShark Challenge II: Directory | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | TShark, VirusTotal |
| TShark Challenge I: Teamwork | TryHackMe | 🟢 Easy | ⭐⭐ | TShark, VirusTotal |
| TShark | TryHackMe | 🟡 Medium | ⭐⭐⭐ | TShark |
| Carnage | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, VirusTotal |
| Warzone 2 | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Brim, NetworkMiner, Wireshark, VirusTotal, CyberChef |
| Warzone 1 | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Brim, NetworkMiner, Wireshark, VirusTotal |
| Masterminds | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Brim, VirusTotal |
| Zeek Exercises | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Zeek, CyberChef, VirusTotal |
## Mobile Forensics

This section focuses on investigating mobile devices, primarily Android.

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| AndroidBreach Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐ | ALEAPP, jadx, CyberChef, Android Forensics |
| The Crime Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | ALEAPP |
| Eli Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | CLEAPP |
## IDS/IPS

Writeups here explore intrusion detection and prevention systems like Snort. These labs simulate network-based attacks and help develop skills in detecting and responding to suspicious traffic patterns and rule-based alerts.

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Snort Challenge - The Basics | TryHackMe | 🟡 Medium | ⭐⭐ | Snort |
| Snort Challenge - Live Attacks | TryHackMe | 🟡 Medium | ⭐⭐⭐ | Snort |
## SIEM (ELK, Splunk, etc.)

These challenges involve using SIEMs like Splunk, ELK, and Wazuh to identify threats.

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| T1110-003 Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | ELK, Password Spraying, RDP |
| REvil Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | ELK |
| HafniumAPT Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | ELK |
| GitTheGate Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | ELK, CVE-2019-7609 |
| Kerberoasted Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK, Kerberoasting |
| ElasticCase Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| Monday Monitor | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Wazuh, CyberChef |
| NerisBot Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Splunk, Zeek, Suricata, VirusTotal |
| Peak | BTLO | 🟡 Medium | ⭐⭐ | ELK |
| Defaced | BTLO | 🟢 Easy | ⭐⭐ | ELK |
| SOC Alpha 3 | BTLO | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK, VirusTotal |
| SOC Alpha 2 | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | ELK |
| SOC Alpha 1 | BTLO | 🟢 Easy | ⭐⭐⭐ | ELK |
| Middle Mayhem | BTLO | 🟢 Easy | ⭐⭐⭐ | ELK |
| Boogeyman 3 | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| New Hire Old Artifacts | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| PS Eclipse | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| Conti | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| SlingShot | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | ELK, CyberChef |
| Benign | TryHackMe | 🟡 Medium | ⭐⭐⭐ | ELK |
| Investigating with Splunk | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Splunk |
| ItsyBitsy | TryHackMe | 🟡 Medium | ⭐⭐⭐ | ELK |
## Cyber Threat Intelligence (CTI)

These labs focus on cyber threat intelligence. You will learn how to use threat intelligence platforms such as VirusTotal, Malpedia and MITRE ATT&CK, and much more. Most of these challenges involve tracking malware campaigns, attributing malware to threat actors, and similar tasks.

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Trooper | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | OpenCTI |
| Yellow RAT | CyberDefenders | 🟢 Easy | ⭐⭐ | VirusTotal |
| GrabThePhisher | CyberDefenders | 🟢 Easy | ⭐⭐⭐ | Sublime |
| Red Stealer | CyberDefenders | 🟢 Easy | ⭐⭐ | VirusTotal, MalwareBazaar |
| PhishStrike Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Sublime, URLhaus, VirusTotal |
| Tusk Infostealer Lab | CyberDefenders | 🟢 Easy | ⭐ | Kaspersky Threat Intelligence Portal, VirusTotal |
| Oski Lab | CyberDefenders | 🟢 Easy | ⭐⭐ | VirusTotal, ANY.RUN |
| IcedID | CyberDefenders | 🟢 Easy | ⭐ | VirusTotal, Tria.ge, Malpedia |
## Email Analysis

This section dives into investigating emails, primarily phishing emails. You will learn how to extract headers, decode payloads, check SPF/DKIM results, and assess malicious indicators in emails.
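As an added example (not code from this repository or from any of the labs), the following Python script does the first-pass triage those steps describe on a raw `.eml`: it reads the receiving server's `Authentication-Results` header for the SPF/DKIM/DMARC verdicts, compares the domains in `From`, `Reply-To` and `Return-Path` (a mismatch between them is one of the most reliable phishing tells), counts the `Received` hops, and decodes every text part, base64-encoded HTML included, to pull out URLs. The sample message is constructed, uses reserved `.example` domains and documentation IP space, and is not a real phish from any lab.

```python
"""First-pass triage of an .eml: auth verdicts, sender-domain consistency, body URLs."""
import base64
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed phishing sample: reserved .example domains, documentation IP range.
HTML_BODY = (b'<html><body><p>Your password expires today.</p>'
             b'<a href="http://login-portal.attacker.example/reset?u=jdoe">Reset now</a>'
             b'</body></html>')

SAMPLE_EML = (
    b"Return-Path: <bounce@attacker.example>\n"
    b"Received: from mail.attacker.example (mail.attacker.example [203.0.113.50])\n"
    b"\tby mx.example.net with ESMTP id abc123; Tue, 14 Nov 2023 10:00:00 +0000\n"
    b"Authentication-Results: mx.example.net; spf=fail (sender IP is 203.0.113.50)\n"
    b" smtp.mailfrom=attacker.example; dkim=none; dmarc=fail header.from=corp.example\n"
    b'From: "IT Support" <helpdesk@corp.example>\n'
    b"Reply-To: <recover@attacker.example>\n"
    b"To: jdoe@example.net\n"
    b"Subject: Action required: password expiry\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/alternative; boundary="b1"\n'
    b"\n"
    b"--b1\n"
    b"Content-Type: text/plain; charset=utf-8\n"
    b"\n"
    b"Your password expires today. Reset at http://login-portal.attacker.example/reset?u=jdoe\n"
    b"--b1\n"
    b"Content-Type: text/html; charset=utf-8\n"
    b"Content-Transfer-Encoding: base64\n"
    b"\n"
    + base64.b64encode(HTML_BODY) + b"\n"
    + b"--b1--\n"
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")


def parse_eml(raw):
    """policy.default gives unfolded headers and decoded get_content() on parts."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def auth_results(msg):
    """spf/dkim/dmarc verdicts as recorded by the receiving MTA in Authentication-Results."""
    header = str(msg.get("Authentication-Results", ""))
    return {mech: verdict for mech, verdict in AUTH_RE.findall(header)}


def _domain(header_value):
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() or None


def sender_domains(msg):
    """The three places a sender identity lives; they should normally agree."""
    return {
        "from": _domain(msg.get("From")),
        "reply_to": _domain(msg.get("Reply-To")),
        "return_path": _domain(msg.get("Return-Path")),
    }


def extract_urls(msg):
    """Walk every text part; get_content() undoes base64/quoted-printable and charset encoding."""
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.update(URL_RE.findall(part.get_content()))
    return sorted(urls)


def analyze(raw):
    """Return the triage summary plus a list of machine-readable findings."""
    msg = parse_eml(raw)
    auth = auth_results(msg)
    domains = sender_domains(msg)
    findings = [f"{m}-not-pass" for m in ("spf", "dkim", "dmarc") if auth.get(m) != "pass"]
    for field in ("reply_to", "return_path"):
        if domains[field] and domains[field] != domains["from"]:
            findings.append(f"{field.replace('_', '-')}-domain-mismatch")
    return {
        "subject": str(msg.get("Subject", "")),
        "received_hops": len(msg.get_all("Received") or []),
        "auth": auth,
        "domains": domains,
        "urls": extract_urls(msg),
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Two caveats a practitioner should keep in mind: `Authentication-Results` is only trustworthy when it was written by your own receiving MTA (an attacker can add a forged one upstream, so check the `authserv-id` before the first semicolon), and a mismatch between `From` and `Return-Path` is normal for mailing lists and bulk senders, so treat it as a lead rather than a verdict.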

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Greenholt Phish | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Thunderbird, MXToolbox, VirusTotal |
| Snapped Phish-ing Line | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | VirusTotal, text editor |
| Phishing Analysis | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | Sublime, URL2PNG |
| Phishing Analysis 2 | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | Sublime, CyberChef |
| Phishy v1 | BTLO | 🟡 Medium | ⭐⭐⭐ | |
## Malware Analysis

This section focuses on static and dynamic malware analysis. These writeups document the analysis of malicious PE files, scripts, macros, and more.

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| TeleStealer Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Detect It Easy, ProcMon, Wireshark, Python |
| AgentTesla Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Detect It Easy, AutoIt Extractor, PE-sieve, Process Explorer, CFF Explorer, dnSpy, CyberChef, ProcMon |
| MalaCrypt Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | pestudio, FLOSS, Strings, CyberChef, VirusTotal, ProcMon, Cutter, capa |
| XWorm Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | pestudio, Detect It Easy, dnSpy, ANY.RUN, VirusTotal |
| MalBuster | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | pestudio, Detect It Easy, VirusTotal, CFF Explorer, capa, FLOSS |
| Mr. Phisher | TryHackMe | 🟢 Easy | ⭐ | LibreOffice Writer |
| Dunkle Materie | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | ProcDOT, VirusTotal |
| Maldoc101 | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | oledump, VirusTotal, olevba, CyberChef |
| Downloader | LetsDefend | 🔴 Hard | ⭐⭐⭐⭐⭐ | IDA Pro |
| Malicious Doc | LetsDefend | 🟢 Easy | ⭐ | VirusTotal |
| PowerShell Script | LetsDefend | 🟢 Easy | ⭐⭐ | text editor, VirusTotal |
| Suspicious USB Stick | BTLO | 🟡 Medium | ⭐ | text editor, VirusTotal, peepdf |
| Reverse Engineering - A Classic Injection | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | pestudio, Detect It Easy, IDA Pro, ProcMon, CyberChef |
| PowerShell Analysis - Keylogger | BTLO | 🟢 Easy | ⭐⭐ | text editor |
| Injection Series Part 3 | BTLO | 🟡 Medium | ⭐⭐⭐⭐⭐ | Cutter, IDA Pro, CyberChef |
| Injection Series Part 4 | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | IDA Pro, CyberChef |
| Reverse Engineering - Another Injection | BTLO | 🟢 Easy | ⭐⭐⭐⭐ | Detect It Easy, strings, IDA Pro, CyberChef |
| Malware Analysis - Ransomware Script | BTLO | 🟢 Easy | ⭐⭐⭐ | text editor |
| Nonyx | BTLO | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 2 |
| Anakus | BTLO | 🟢 Easy | ⭐⭐⭐ | Detect It Easy, VirusTotal, sigcheck, Timeline Explorer |
## Reverse Engineering

Challenges in this section involve understanding program logic and uncovering hidden functionality in binaries. They often require IDA Pro, Ghidra, or Radare2.

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Reversing ELF | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | radare2, strings |
| DLL Stealer | LetsDefend | 🟡 Medium | ⭐⭐⭐⭐⭐ | dotPeek |
| Beginner Crackme | Crackmes.one | 🟢 Easy | ⭐ | IDA Pro |
## Pentesting

This section contains writeups focused on penetration testing. Challenges are typically boot2root machines, which involve scanning, enumeration, vulnerability analysis and exploitation, privilege escalation, and more. They are great for building foundational penetration testing skills and learning common attacks.

| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Basic | HackThisSite | 🟡 Medium | ⭐⭐⭐ | Burp Suite |
| Silver Platter | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Nmap, GoBuster, SSH, Privilege Escalation |
| Dav | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Nmap, GoBuster, Hydra, Privilege Escalation |
| Wgel CTF | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Nmap, dirb, SSH, Privilege Escalation |
| Lookup | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | Nmap, Hydra, searchsploit, Metasploit, Privilege Escalation |
| Toolsrus | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Nmap, DirBuster, Hydra, Nikto, Metasploit, msfvenom |
| Raven 1 | VulnHub | 🟡 Medium | ⭐⭐⭐⭐⭐ | arp-scan, Nmap, GoBuster, WPScan, Nikto, Hydra, SSH, MySQL |
| Pickle Rick | VulnHub | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, GoBuster, Nikto, Privilege Escalation |
| Mr Robot | VulnHub | 🟡 Medium | ⭐⭐⭐⭐ | arp-scan, Nmap, GoBuster, Nikto, WPScan, Hydra, hashcat, Privilege Escalation |
| Photographer | VulnHub | 🟡 Medium | ⭐⭐⭐⭐⭐ | arp-scan, Nmap, GoBuster, Nikto, enum4linux, SMB, Burp Suite |
| Lazy Admin | VulnHub | 🟡 Medium | ⭐⭐⭐⭐⭐ | Nmap, GoBuster, hash-identifier, searchsploit, Privilege Escalation |
| IDE | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, FTP, searchsploit, SSH, Privilege Escalation |
| Easy peasy | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, GoBuster, hash-identifier, CyberChef, steghide, SSH, Privilege Escalation |
| Colddbox Vulnhub | VulnHub | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, GoBuster, WPScan, Hydra, Privilege Escalation |
| Colddbox THM | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, GoBuster, WPScan, Hydra, Privilege Escalation |
| Bounty Hacker | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | Nmap, FTP, Hydra, Privilege Escalation |
| Blogger1 | VulnHub | 🟢 Easy | ⭐⭐⭐⭐⭐ | arp-scan, Nmap, GoBuster, WPScan, Privilege Escalation |
| Basic Pentesting | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | Nmap, GoBuster, enum4linux, SMB, Hydra, John the Ripper, Privilege Escalation |
| Anonymous | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | Nmap, enum4linux, SMB, FTP, Privilege Escalation |
| Agent Sudo | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | Nmap, curl, Hydra, FTP, binwalk, steghide, SSH, Privilege Escalation |
## Tools Used

Some of the tools used in these writeups include (but are not limited to):