CyberJunnkie

170 Followers

Published in System Weakness

Pinned

Incident Response: Analyzing Dogwalk ZeroDay (LetsDefend)

Hello guys, I will be solving an incident response case on the LetsDefend platform, which provides a simulated SOC corporate environment. We will investigate a Windows Server 2019 infected by the DogWalk 0-day vulnerability, which was recently publicly announced by Microsoft and also received a CVE: CVE-2022-34713. Here the L2 (IR) alert escalated by…

Cybersecurity

6 min read



Dec 4, 2022

Phishing Email Challenge by LetsDefend

In this writeup we will be analyzing an email to determine whether it was a phishing attempt or not. We will only use a mail client (you can use any you like) and avail ourselves of threat intel platforms like VirusTotal and Cisco Talos Intelligence. Scenario: Your email address has been leaked and you…

Cybersecurity

4 min read



Oct 26, 2022

PrintNightmare Challenge: Memory forensics and Network forensics (LetsDefend)

Today I will be solving the PrintNightmare challenge, in which we are provided with a network capture and a memory image to analyse. We will use Brim and Redline to uncover exploitation of CVE-2021-34527 in the internal network. This challenge is available for free on the LetsDefend platform. We have a document giving instructions…

DFIR

6 min read



Published in System Weakness

Oct 8, 2022

Incident Response LetsDefend : Detecting Web App attack and detecting persistence

Hello Blue Teamers and Red Teamers. In this post, we will be analyzing some Apache access logs to uncover asset discovery, login brute force and web RCE. Then we will uncover how the attacker maintained his/her presence in the environment and which IPs are associated with the threat actor. Analysis…

Incident Response

5 min read



Published in System Weakness

Sep 29, 2022

Windows Forensics Analysis: Analyzing Forensics Artifacts to Uncover System compromise and RDP lateral movement

Hello Blue Teamers. I created another challenge on the LetsDefend platform. This challenge is about Windows forensics and how to parse and analyze various important artifacts to determine the full cyber kill chain, from delivery to lateral movement. Scenario. Investigation. We have a disk image with the .ad1 extension. We would first need…

Cybersecurity

8 min read



Published in System Weakness

Sep 28, 2022

Incident Response: Analyzing Log4j RCE exploited via Minecraft game

We have an incident related to Log4j activities escalated by an L1 analyst. Vulnerability: Log4j2 versions 2.0-beta9 through 2.15.0 (excluding 2.12.x after 2.12.1) are vulnerable to remote code execution via its LDAP (Lightweight Directory Access Protocol) JNDI parser. An attacker who can control log messages or log message parameters can execute arbitrary…

Cybersecurity

6 min read



Published in System Weakness

Aug 27, 2022

Threat Hunting via Event Logs

This is just a short writeup showcasing event log analysis. Attack Simulation: We will create a compromise scenario. A Metasploit reverse shell executable will be run on the victim endpoint and a reverse shell will be gained on the attacker machine. We will then escalate our privileges to NT AUTHORITY. We start…

Cybersecurity

3 min read



Published in System Weakness

Aug 8, 2022

Memory forensics Challenge (Letsdefend)

Hi guys, I made this Windows memory forensics challenge, which was published on LetsDefend. I am writing this writeup in the intended way to solve the challenge using Volatility 3. We will learn to analyse Windows processes and find hidden malware among the processes. …

Memory Forensics

5 min read



Published in System Weakness

Jul 18, 2022

IncidentResponse (Wannacry Ransomware) LetsDefend Event ID 103

LetsDefend is a platform for blue team training and practical labs. It has a built-in simulated SOC environment. It has log management, endpoint management, an alerts dashboard, SOC playbooks, etc. Today I am going to solve incident response level alerts, escalated to L2 SOC by L1 security analysts. Please note…

Cybersecurity

6 min read



Published in System Weakness

Jul 3, 2022

Analyzing FOLLINA ZeroDAY (CVE-2022-30190)

Hi folks. Today we will be learning a bit about the Follina zero-day, and I am doing the Follina challenge from blueteamlabsonline. I first understood why this vulnerability exists and its inner workings from this blog (https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug). Key takeaways from the blog are: 1) the first payload must be…

Cybersecurity

5 min read


Defensive Content Engineer @HackTheBox 🖥️ 🐱‍💻

Following
  • Adam Goss
  • Mehmet Ergene
  • Domiziana Foti
  • ARZ101
  • Security Blue Team