CDSA

I began studying for the HTB CDSA (Certified Defensive Security Analyst) exam shortly after completing the CPTS. HTB has proven again and again to be a worthwhile time investment and a quick way to learn. Again, there’s no reason to detail what the exam is. No idea why so many other blog posters do this useless action. I completed 19/20 technical questions of the first incident within the first 8 hours. I never found the last flag; this one will forever haunt me. I was able to write the majority of the report for this section within the second day. It took me another 8 hours to finish finding evidence on the second attack. It took about another 5 hours to finish that report, and I submitted my test with 3 days and 20 hours to spare. The report spanned 49 pages, using the syspreptor template. ...

January 4, 2026 · 2 min · 389 words · Nathan

HTB Sherlocks with the ELK stack

Recently, I started studying for the CDSA exam, which involves the use of ELK to solve challenges. HTB also created a track to help students prepare for the CDSA exam, featuring 11 challenges. That track is linked here. In this post, I will show how to easily ingest and solve one of these challenges using the ELK stack. Preparation: To set up ELK, I used this wonderful docker-elk GitHub repository, available here ...

November 21, 2025 · 5 min · 907 words · Nathan

HTB Sherlocks with Splunk

In this post, I will cover completing easy Sherlocks with Splunk. I haven’t seen many posts covering the tactics they use to ingest Sherlocks using Splunk, and the posts I have seen for ‘walkthroughs’ offer no reasoning. It’s pretty clear many Sherlock writeups just paraphrase from the HTB solution PDF. So, in this post, I will first go over how I ingest data into Splunk, then I will cover how I solve two Sherlocks. This focuses on Windows event logs. ...

November 18, 2025 · 7 min · 1349 words · Nathan

CCDC AD config and policies

This post will explain how the current configuration for CCDC is created. This is used for CCDC, but could be useful for anyone wanting a quick, decently secure AD setup. CCDC is a defensive-based competition where students act as an incident response team who must remediate and lock down networks as quickly as possible. Trained red teamers attack while students are given many tasks to complete. I’m expecting to deal with ~6 Windows computers, running varying services. ...

November 13, 2025 · 5 min · 900 words · Nathan

CPTS

I started studying for the CPTS with no real experience in offensive cybersecurity around December 2024. This was during my sophomore year in college, so I was unable to complete this certification very fast. I worked at it off and on. I eventually completed all of the work around June. I studied for most of July, and took the test at the beginning of August. I got lucky, and got my results back in 6 days. ...

September 5, 2025 · 2 min · 336 words · Nathan