HTB Sherlocks with the ELK stack
Recently, I started studying for the CDSA exam, which involves the use of ELK to solve challenges. HTB also created a track to help students prepare for the CDSA exam, featuring 11 challenges. That track is linked here. In this post, I will show how to easily ingest and solve one of these challenges using the ELK stack. Preparation: To set up ELK, I used this wonderful docker-elk GitHub repository, available here ...
HTB Sherlocks with Splunk
In this post, I will cover completing easy Sherlocks with Splunk. I haven’t seen many posts covering the tactics they use to ingest Sherlocks into Splunk, and the posts I have seen for ‘walkthroughs’ offer no reasoning. It’s pretty clear many Sherlock writeups just paraphrase the HTB solution PDF. So, in this post, I will first go over how I ingest data into Splunk, then I will cover how I solve two Sherlocks. This focuses on Windows event logs. ...
CCDC AD config and policies
This post will explain the current configuration creation for CCDC. This is used for CCDC, but could be useful for anyone wanting a quick, decently secure AD setup. CCDC is a defense-based competition where students act as an incident response team who must remediate and lock down networks as quickly as possible. Trained red teamers attack while students are given many tasks to complete. I’m expecting to deal with ~6 Windows computers running varying services. ...
CPTS
I started studying for the CPTS with no real experience in offensive cybersecurity around December 2024. This was during my sophomore year in college, so I was unable to complete this certification very fast. I worked at it off and on. I eventually completed all of the work around June. I studied for most of July, and took the test at the beginning of August. I got lucky, and got my results back in 6 days. ...
Honeypot Setup
This is a tutorial to quickly set up and deploy a honeypot. This is useful if you are a student/researcher who wants to quickly throw up a honeypot without implementing Proxmox. I’m posting this to document this interesting creation, as I haven’t seen a honeypot or most networks done like this (for a good reason). VLANs should be configured to work beforehand. The ‘fun’ part of this is the fact that it allows a live attacker to have full control immediately of the computer you give them, without any restrictions inside your network. Too many honeypots are way too safe. There is no fun in that; let that attacker thrive and give you more content. This allows the user to place more VMs on their vulnerable VLAN to see if the honeypot attack spreads. ...