Welcome to my CTF Writeups repository! Here I document the solutions and methodologies used to solve various Capture The Flag (CTF) challenges. This repository is intended to serve as a learning resource for anyone interested in cybersecurity and CTF competitions. CTF competitions are a popular way to practise and improve cybersecurity skills: they present challenges that require problem-solving, creativity, and technical knowledge.
The writeups in this repository (located in the "writeups" folder) are categorised by the nature of the challenge. Each writeup provides a step-by-step solution, along with explanations of the tools and techniques used. The difficulty shown for each challenge is the difficulty assigned by the platform hosting the challenge/lab/CTF, so take it with a grain of salt: some challenges rated as hard are actually easy, and vice versa. The star rating (out of 5) is my own and reflects the quality and realism of the challenge rather than whether I personally enjoyed it, although it inevitably carries some personal bias.
Disclaimer! In all honesty, some of these writeups are written poorly, mainly because I complete them to learn practical skills, not to practise reporting. If you want well-written writeups, I recommend reading my most recent ones.
I recommend starting with the easy or medium rated challenges; honestly, there is little difference between the two ratings for the most part. You can find the challenges for each difficulty by pressing CTRL + F and pasting one of the following tags:
- 🟢 Easy
- 🟡 Medium
- 🔴 Hard
Which platform to use depends on your interests and skill level. For DFIR (digital forensics and incident response) and CTI (cyber threat intelligence) challenges I highly recommend CyberDefenders, as it provides the most realistic challenges and often requires the use of VMs or a home lab. If you are a beginner, TryHackMe is a great place to start, as it often provides a VM, or you can always use the AttackBox, which comes preinstalled with a bunch of tools. Lastly, if you are interested in becoming a blue teamer (strictly SOC operations), I recommend checking out Blue Team Labs Online (BTLO).
- Endpoint Forensics
- Network Forensics
- Mobile Forensics
- IDS/IPS
- SIEM (ELK, Splunk, etc.)
- Cyber Threat Intelligence (CTI)
- Email Analysis
- Malware Analysis
- Reverse Engineering
- Pentesting
- Tools Used
- Personal Platform Profiles
These challenges mainly involve investigating compromised endpoints, primarily Windows and Linux, using a variety of forensic tools.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| KioskExpo7 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, Registry Explorer, MFTECmd, Timeline Explorer, PECmd, Notepad++, R-Studio, MFT Explorer |
| XMRig Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Built-in Linux Tools, VirusTotal, PhotoRec, Linux Forensics |
| ConfluenceRCE Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | grep, uniq, cut, VirusTotal, Built-in Linux Tools, Linux Forensics |
| Stealthy Ascent Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | Built-in Linux Tools, Linux Forensics |
| RepoReaper Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | FTK Imager, DB Browser for SQLite, DCode, Event Log Explorer, MFTECmd, Timeline Explorer, VirusTotal, Registry Explorer, PECmd, UAC Bypass, Privilege Escalation |
| Maranhao Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | FTK Imager, EvtxECmd, Timeline Explorer, DB Browser for SQLite, MFTECmd, VirusTotal, Infostealer |
| TheTruth Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Autopsy, DB Browser for SQLite, DCode, JADX, Mobile Forensics, Android Forensics |
| Malicious PyPi Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Notepad++, Event Log Explorer, EvtxECmd, Timeline Explorer, ProcMon, Registry Explorer, PECmd, VirusTotal |
| Job Trap Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, DB Browser for SQLite, DCode, olevba, EvtxECmd, Timeline Explorer, Notepad++ |
| Andromeda Bot Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | MemProcFS, EvtxECmd, Timeline Explorer, VirusTotal, Memory Forensics |
| T1598.002 Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | oledump, Google Admin Toolbox Messageheader |
| RevengeHotels APT Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, Event Log Explorer, Timeline Explorer, EvtxECmd, dnSpy, CyberChef |
| BankingTroubles Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | Volatility 2, Strings, Foremost, peepdf, pdf-parser, jsunpack, Memory Forensics |
| MrRobot Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 2, Outlook Forensics Wizard, R-Studio, Strings, Notepad++, VirusTotal, Process Injection, Process Hollowing, Memory Forensics |
| Chollima Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | MemProcFS, CyberChef, Strings, Memory Forensics |
| Chollima Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, Event Log Explorer, Timeline Explorer, MFTECmd, VirusTotal, Notepad++, Registry Explorer, Python Analysis |
| PwnedDC Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | Event Log Explorer, Arsenal Image Mounter, Outlook Forensics Wizard, olevba, scdbg, Volatility 2, ClamScan, VirusTotal, HxD, Resource Hacker, Strings, Python, VBA Stomping, YARA |
| DetectLog4j Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Arsenal Image Mounter, Registry Explorer, Event Log Explorer, CyberChef, FakeNet, Java Decompiler, VirusTotal, dnSpy, CVE-2021-44228 |
| Szechuan Sauce Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, Arsenal Image Mounter, Registry Explorer, EvtxECmd, Timeline Explorer, VirusTotal, Wireshark, NetworkMiner, DSInternals PowerShell framework, CrackStation, Event Log Explorer, FTK Imager, Credential Dumping |
| Zerologon Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | MFTECmd, Timeline Explorer, LECmd, EvtxECmd, CyberChef, Notepad++, Event Log Explorer, Windows Forensics |
| Phishy Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, Autopsy, Registry Explorer, WhatsApp Viewer, CyberChef, olevba, oledump.py, BrowsingHistoryView, PasswordFox, VirusTotal, Windows Forensics, Macro Analysis |
| Hammered Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Linux Command Line Tools, Linux Forensics |
| SpottedInTheWild Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | Arsenal Image Mounter, PECmd, MFTECmd, EvtxECmd, Timeline Explorer, Strings, CyberChef, ANY.RUN, CVE-2023-38831, bitsadmin, Windows Forensics |
| Akira Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, MemProcFS, EvtxECmd, Timeline Explorer, Strings, Text Editor, Windows Forensics, PsExec |
| IcedID 2 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | Volatility 3, MemProcFS, Text Editor, VirusTotal, Windows Forensics |
| MinerHunt Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, VirusTotal, Windows Forensics, Microsoft SQL Server, IFEO, WMI |
| LummaStealer Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, DB Browser for SQLite, Windows Forensics |
| VaultBreak Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, EvtxECmd, Timeline Explorer, MFTECmd, Windows Forensics, WMI, Scheduled Tasks |
| IronShade | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | Bash, Linux Forensics |
| Hunter Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, Registry Explorer, DCode, EvtxECmd, Timeline Explorer, PECmd, Sublime, DB Browser for SQLite, SysTools Outlook PST Viewer, ShellBags Explorer, JumpList Explorer, Windows Forensics |
| CrownJewel1 | HackTheBox | 🟢 Easy | ⭐⭐⭐⭐⭐ | Hayabusa, Timeline Explorer, EvtxECmd, MFTECmd, Event Viewer, ntds.dit, Volume Shadow Copies |
| Lockbit Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, Notepad++, VirusTotal |
| DarkCrystal Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, Timeline Explorer, EvtxECmd |
| QBot Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, VirusTotal, Malicious Excel Document |
| ELPACO-team Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, MFTECmd, VirusTotal |
| Retracted | TryHackMe | 🟢 Easy | ⭐⭐ | Event Viewer |
| Unattended | TryHackMe | 🟡 Medium | ⭐⭐⭐ | Registry Explorer, Autopsy |
| Disgruntled | TryHackMe | 🟢 Easy | ⭐ | cat |
| Secret Recipe | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | Registry Explorer |
| Critical | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Volatility 3, Strings |
| Tempest | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Timeline Explorer, Wireshark, Brim, CyberChef, VirusTotal |
| Boogeyman 2 | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Text Editor, olevba, Volatility 2 |
| Ramnit | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 3, VirusTotal |
| Reveal | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 3, Timeline Explorer, VirusTotal |
| FakeGPT | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | ExtAnalysis, CyberChef |
| Brave | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐ | Volatility 3, HxD |
| Redline | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 3, Timeline Explorer, VirusTotal |
| Memory Analysis | LetsDefend | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 3, VirusTotal, CrackStation |
| Lockbit | LetsDefend | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 3, VirusTotal |
| WinRar 0-Day | LetsDefend | 🟡 Medium | ⭐⭐⭐ | Volatility 3, CyberChef |
| BlackEnergy Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | Volatility 3, Timeline Explorer, VirusTotal |
| Memory Analysis - Ransomware | BTLO | 🟡 Medium | ⭐⭐⭐⭐ | Volatility 3 |
| Tardigrade | TryHackMe | 🟡 Medium | ⭐ | Linux Command Line |
| Sysinternals | CyberDefenders | 🟡 Medium | ⭐⭐ | Autopsy, AppCompatCacheParser, AmcacheParser, VirusTotal |
| REvil Corp | TryHackMe | 🟡 Medium | ⭐⭐⭐ | Redline, VirusTotal |
| Forensics | TryHackMe | 🔴 Hard | ⭐⭐⭐⭐⭐ | Volatility 3, Strings |
| Dead End? | TryHackMe | 🔴 Hard | ⭐⭐⭐ | Volatility 3, FTK Imager, VirusTotal |
| Insider Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐ | FTK Imager |
| Seized Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | Volatility 3, Strings |
| Browser Forensics - Cryptominer | BTLO | 🟢 Easy | ⭐⭐⭐ | FTK Imager |
| Kraken Keylogger Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | DB Browser for SQLite, LECmd, Text Editor |
| HireMe Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐ | FTK Imager, Registry Explorer, LECmd, RegRipper, OST Viewer |
| DumpMe Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Volatility 2, VirusTotal |
| AfricanFalls Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | FTK Imager, rifiuti2, BrowsingHistoryView, PECmd, ShellBags Explorer |
| Injector Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, Volatility 3, Registry Explorer, cut |
| NintendoHunt Lab | CyberDefenders | 🔴 Hard | ⭐⭐ | Volatility 2, Strings |
| DeepDive Lab | CyberDefenders | 🔴 Hard | ⭐⭐ | Volatility 2, VirusTotal |
| CorporateSecrets Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, MFTECmd, Timeline Explorer, RegRipper, PECmd |
| Bruteforce | BTLO | 🟡 Medium | ⭐⭐⭐⭐⭐ | Timeline Explorer, cat |
| Silent Breach | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | FTK Imager, BrowsingHistoryView, DB Browser for SQLite, Strings, grep |
| Amadey Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐ | Volatility 3 |
| DiskFiltration | TryHackMe | 🔴 Hard | ⭐⭐⭐⭐ | Autopsy, Timeline Explorer, MFTECmd, ExifTool, HxD |
| Volatility Traces Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Volatility 3, Defense Evasion |
| MeteorHit Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Registry Explorer, Timeline Explorer, EvtxECmd, MFTECmd, VirusTotal, NTFS Forensics, Sysmon, Defense Evasion |
| Fog Ransomware Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, MFTECmd, Timeline Explorer, EvtxECmd, VirusTotal |
| NetX-Support Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, FTK Imager, MFTECmd, EvtxECmd, PECmd, CyberChef, Registry Explorer, LECmd |
| Beta Gamer Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DB Browser for SQLite, FTK Imager, MFTECmd, EvtxECmd |
| Trigona Ransomware Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer, Registry Explorer, MFTECmd, PECmd, AmcacheParser |
| Deep Blue | BTLO | 🟢 Easy | ⭐⭐⭐ | DeepBlueCLI, Event Viewer |
| Brutus | HackTheBox | 🟢 Easy | ⭐⭐⭐⭐⭐ | grep, awk, sed, sort, uniq, last, auth.log, wtmp |
| Crownjewel-2 | HackTheBox | 🟢 Easy | ⭐⭐⭐⭐⭐ | EvtxECmd, Timeline Explorer |
| Operation Blackout 2025: Phantom Check | HackTheBox | 🟢 Easy | ⭐⭐ | EvtxECmd, Timeline Explorer |
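As an added example (not code from this repository or from any of the labs listed above), here is the check that the Linux endpoint writeups tagged auth.log and wtmp perform by hand with grep, awk and sort, written as a small Python script: it parses sshd lines from a constructed auth.log excerpt and flags a successful login that follows a run of failures from the same source address, the classic brute-force signature. The log lines, hostname, addresses and the threshold of three failures are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the sshd lines that matter for a brute-force timeline: failed and
# accepted password logins, with or without the "invalid user" prefix.
SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed auth.log excerpt (hostname and addresses are made up, not taken
# from any lab image): one attacker fails three times and then gets in.
SAMPLE_AUTH_LOG = """\
Mar  6 06:31:31 ip-172-31-35-28 sshd[2325]: Invalid user admin from 203.0.113.10 port 31337
Mar  6 06:31:31 ip-172-31-35-28 sshd[2325]: Failed password for invalid user admin from 203.0.113.10 port 31337 ssh2
Mar  6 06:31:33 ip-172-31-35-28 sshd[2327]: Failed password for root from 203.0.113.10 port 31338 ssh2
Mar  6 06:31:35 ip-172-31-35-28 sshd[2329]: Failed password for root from 203.0.113.10 port 31339 ssh2
Mar  6 06:31:40 ip-172-31-35-28 sshd[2331]: Accepted password for root from 203.0.113.10 port 31340 ssh2
Mar  6 06:32:44 ip-172-31-35-28 sshd[2491]: Accepted password for analyst from 198.51.100.7 port 50234 ssh2
Mar  6 06:35:01 ip-172-31-35-28 CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)
"""


def parse_syslog_ts(ts):
    """Parse a syslog timestamp. It carries no year, so strptime fills in 1900;
    that is fine for ordering events inside a single log file."""
    return datetime.strptime(" ".join(ts.split()), "%b %d %H:%M:%S")


def ssh_auth_events(text):
    """Extract failed/accepted SSH password logins as dicts, in file order."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            events.append({
                "time": parse_syslog_ts(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "ip": m["ip"],
                "port": int(m["port"]),
            })
    return events


def find_bruteforce_logins(events, threshold=3):
    """Flag every successful login preceded by >= threshold failures from the
    same source IP since that IP's previous success."""
    failures = defaultdict(list)   # source IP -> times of failed logins
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["result"] == "Failed":
            failures[ev["ip"]].append(ev["time"])
        else:  # Accepted
            prior = failures[ev["ip"]]
            if len(prior) >= threshold:
                hits.append({
                    "ip": ev["ip"],
                    "user": ev["user"],
                    "failures": len(prior),
                    "first_failure": prior[0],
                    "success": ev["time"],
                })
            failures[ev["ip"]] = []   # a success closes the attempt window
    return hits


if __name__ == "__main__":
    for hit in find_bruteforce_logins(ssh_auth_events(SAMPLE_AUTH_LOG)):
        print(f"{hit['ip']} logged in as {hit['user']} at {hit['success']:%H:%M:%S} "
              f"after {hit['failures']} failures (first at {hit['first_failure']:%H:%M:%S})")
```

On a real image, point `ssh_auth_events` at the mounted `/var/log/auth.log` (and its rotated `.1`/`.gz` siblings), then confirm each hit against `last -f wtmp`, which records the session the successful login opened and when it ended.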
This category focuses on packet analysis of PCAP files and Zeek logs. Tools like Wireshark, Zeek, and Brim (now Zui) are frequently used.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| XXE Infiltration Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, Zui |
| JetBrains Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, Zui, CVE-2024-27198 |
| Openfire Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, Zui, CyberChef, CVE-2023-32315 |
| Trident Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal, IDA Pro, scdbg, CVE-2021-40444, Shellcode Analysis |
| NukeTheBrowser Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | Wireshark, Zui, VirusTotal, scdbg, CVE-2005-2127, Shellcode Analysis |
| HoneyBOT Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal, scdbg, CVE-2003-0533, Shellcode Analysis |
| Malware Traffic Analysis 5 Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | Wireshark, Zui, VirusTotal, oledump, Thunderbird |
| Malware Traffic Analysis 4 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal |
| Malware Traffic Analysis 3 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal, GHex, pesec, Python |
| Malware Traffic Analysis 2 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal |
| Malware Traffic Analysis 1 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal |
| WireDive Lab | CyberDefenders | 🟡 Medium | ⭐ | Wireshark |
| Acoustic Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | Wireshark, Zui, VoIP, Command Line |
| RetailBreach Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, Zui, CyberChef, VirusTotal |
| RCEMiner Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, VirusTotal |
| BlueSky Ransomware Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, Event Log Explorer, CyberChef, VirusTotal |
| HawkEye Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, Zui, NetworkMiner, VirusTotal |
| PacketMaze Lab | CyberDefenders | 🟡 Medium | ⭐ | Wireshark, NetworkMiner |
| Boogeyman 1 | TryHackMe | 🟡 Medium | ⭐⭐⭐ | Thunderbird, lnkparse, cat, Wireshark |
| PacketDetective | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Wireshark |
| DanaBot | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Wireshark, VirusTotal, NetworkMiner |
| Web Investigation | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, MaxMind GeoIP database |
| WebStrike | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | Wireshark |
| PoisonedCredentials | CyberDefenders | 🟢 Easy | ⭐⭐ | Wireshark |
| TomCat Takeover | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark |
| PsExec Hunt | CyberDefenders | 🟢 Easy | ⭐⭐⭐ | Wireshark |
| Shellshock Attack | LetsDefend | 🟢 Easy | ⭐ | Wireshark |
| HTTP Basic Auth | LetsDefend | 🟢 Easy | ⭐⭐ | Wireshark |
| Brute Force Attack | LetsDefend | 🟡 Medium | ⭐⭐⭐⭐ | Wireshark, cat, grep |
| OpenWire Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐ | Wireshark |
| Network Analysis - Web Shell | BTLO | 🟢 Easy | ⭐⭐⭐⭐ | Wireshark |
| XMLRat Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Wireshark, VirusTotal, CyberChef |
| Network Analysis - Ransomware | BTLO | 🟡 Medium | ⭐⭐ | Wireshark |
| l337 S4uc3 Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, NetworkMiner, Brim, Volatility 2 |
| Piggy | BTLO | 🟢 Easy | ⭐⭐⭐ | Wireshark, VirusTotal |
| Shiba Insider | BTLO | 🟢 Easy | ⭐⭐ | Wireshark, ExifTool |
| TShark Challenge II: Directory | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | TShark, VirusTotal |
| TShark Challenge I: Teamwork | TryHackMe | 🟢 Easy | ⭐⭐ | TShark, VirusTotal |
| TShark | TryHackMe | 🟡 Medium | ⭐⭐⭐ | TShark |
| Carnage | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Wireshark, VirusTotal |
| Warzone 2 | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Brim, NetworkMiner, Wireshark, VirusTotal, CyberChef |
| Warzone 1 | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Brim, NetworkMiner, Wireshark, VirusTotal |
| Masterminds | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Brim, VirusTotal |
| Zeek Exercises | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Zeek, CyberChef, VirusTotal |
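As an added example that is not part of this repository or of any lab above, here is the beaconing check that Zui/Brim queries over Zeek's conn.log are commonly used for, written in Python so it runs offline: a parser for Zeek's tab-separated log format driven by its `#fields` header, followed by a grouping of connections per (source, destination, port) that flags groups whose gaps between connections are nearly constant. The conn.log excerpt, addresses, uids and thresholds are constructed for illustration and come from no lab.

```python
import statistics
from collections import defaultdict

# Column names Zeek writes in the #fields header of conn.log (a subset of the
# real file; the parser below reads whatever #fields line it is given).
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]


def _row(*values):
    return "\t".join(str(v) for v in values)


# Constructed conn.log excerpt (addresses and uids are made up, not taken from
# any lab): one host talks to 203.0.113.50:443 exactly every 60 s.
SAMPLE_CONN_LOG = "\n".join(
    ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
     "#unset_field\t-", "#path\tconn", "#fields\t" + "\t".join(CONN_FIELDS)]
    # five TLS connections on a fixed 60 s timer: the beacon
    + [_row(1700000000.0 + 60 * i, f"Cb{i}x9q", "10.0.0.5", 50000 + i,
            "203.0.113.50", 443, "tcp", "ssl", 0.4, 512, 1024, "SF") for i in range(5)]
    # ordinary browsing from the same host at irregular times
    + [_row(t, f"Cw{i}m2p", "10.0.0.5", 51000 + i, "198.51.100.20", 80,
            "tcp", "http", 1.2, 800, 9000, "SF")
       for i, t in enumerate((1700000010.0, 1700000500.0, 1700000520.0, 1700001000.0))]
    # two DNS lookups from another host: too few connections to judge
    + [_row(t, f"Cd{i}k7e", "10.0.0.7", 40000 + i, "8.8.8.8", 53, "udp", "dns", 0.02, 60, 120, "SF")
       for i, t in enumerate((1700000030.0, 1700000800.0))]
)


def parse_conn_log(text):
    """Parse a Zeek TSV log: '#fields' names the columns, other '#' lines are
    metadata, every remaining line is one record."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            if fields is None:
                raise ValueError("record before #fields header")
            rec = dict(zip(fields, line.split("\t")))
            rec["ts"] = float(rec["ts"])
            records.append(rec)
    return records


def beacon_candidates(records, min_conns=4, max_cv=0.2):
    """Group connections by (src, dst, dst port) and flag groups whose
    inter-connection gaps are nearly constant (coefficient of variation
    <= max_cv). Real implants add jitter, so loosen max_cv on noisy data."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    found = []
    for (src, dst, dport), times in groups.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            found.append({"src": src, "dst": dst, "port": int(dport),
                          "count": len(times), "interval": mean, "cv": cv})
    return sorted(found, key=lambda c: c["cv"])


if __name__ == "__main__":
    for c in beacon_candidates(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"{c['src']} -> {c['dst']}:{c['port']} {c['count']} conns, "
              f"every {c['interval']:.0f}s (cv={c['cv']:.2f})")
```

To run this against a PCAP, generate the logs first with `zeek -r capture.pcap` and feed the resulting `conn.log` to `parse_conn_log`; a flagged pair is a lead to pivot on in the matching `ssl.log` or `http.log` entries, not a verdict on its own, since software update checks also beacon on fixed timers.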
This section focuses on investigating mobile devices.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| AndroidBreach Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐ | ALEAPP, JADX, CyberChef, Android Forensics |
| The Crime Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | ALEAPP |
| Eli Lab | CyberDefenders | 🟡 Medium | ⭐⭐ | CLEAPP |
Writeups here explore intrusion detection and prevention systems like Snort. These labs simulate network-based attacks and help develop skills in detecting and responding to suspicious traffic patterns and rule-based alerts.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Snort Challenge: The Basics | TryHackMe | 🟡 Medium | ⭐⭐ | Snort |
| Snort Challenge: Live Attacks | TryHackMe | 🟡 Medium | ⭐⭐⭐ | Snort |
These challenges involve using SIEMs like Splunk, ELK, and Wazuh to identify threats.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| T1110-003 Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐ | ELK, Password Spraying, RDP |
| REvil Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | ELK |
| HafniumAPT Lab | CyberDefenders | 🔴 Hard | ⭐⭐⭐⭐⭐ | ELK |
| GitTheGate Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐ | ELK, CVE-2019-7609 |
| Kerberoasted Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK, Kerberoasting |
| ElasticCase Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| Monday Monitor | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Wazuh, CyberChef |
| NerisBot Lab | CyberDefenders | 🟢 Easy | ⭐⭐⭐⭐⭐ | Splunk, Zeek, Suricata, VirusTotal |
| Peak | BTLO | 🟡 Medium | ⭐⭐ | ELK |
| Defaced | BTLO | 🟢 Easy | ⭐⭐ | ELK |
| SOC Alpha 3 | BTLO | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK, VirusTotal |
| SOC Alpha 2 | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | ELK |
| SOC Alpha 1 | BTLO | 🟢 Easy | ⭐⭐⭐ | ELK |
| Middle Mayhem | BTLO | 🟢 Easy | ⭐⭐⭐ | ELK |
| Boogeyman 3 | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| New Hire Old Artifacts | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| PS Eclipse | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| Conti | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | ELK |
| SlingShot | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | ELK, CyberChef |
| Benign | TryHackMe | 🟡 Medium | ⭐⭐⭐ | ELK |
| Investigating with Splunk | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐⭐ | Splunk |
| ItsyBitsy | TryHackMe | 🟡 Medium | ⭐⭐⭐ | ELK |
These labs focus on cyber threat intelligence: you will learn how to use threat intelligence platforms such as VirusTotal, Malpedia, MITRE ATT&CK, and more. Most of these challenges involve tracking malware campaigns, attributing malware to threat actors, and similar tasks.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Trooper | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | OpenCTI |
| Yellow RAT | CyberDefenders | 🟢 Easy | ⭐⭐ | VirusTotal |
| GrabThePhisher | CyberDefenders | 🟢 Easy | ⭐⭐⭐ | Sublime |
| Red Stealer | CyberDefenders | 🟢 Easy | ⭐⭐ | VirusTotal, MalwareBazaar |
| PhishStrike Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | Sublime, URLhaus, VirusTotal |
| Tusk Infostealer Lab | CyberDefenders | 🟢 Easy | ⭐ | Kaspersky Threat Intelligence Portal, VirusTotal |
| Oski Lab | CyberDefenders | 🟢 Easy | ⭐⭐ | VirusTotal, ANY.RUN |
| IcedID | CyberDefenders | 🟢 Easy | ⭐ | VirusTotal, Tria.ge, Malpedia |
This section covers investigating emails, primarily phishing emails. You will learn how to extract headers, decode payloads, verify SPF/DKIM records, and assess malicious indicators in emails.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Greenholt Phish | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Thunderbird, MXToolbox, VirusTotal |
| Snapped Phish-ing Line | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | VirusTotal, Text Editor |
| Phishing Analysis | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | Sublime, URL2PNG |
| Phishing Analysis 2 | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | Sublime, CyberChef |
| Phishy v1 | BTLO | 🟡 Medium | ⭐⭐⭐ | |
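Added example, not code from this repository or from any of the labs above: the header extraction, SPF/DKIM/DMARC check and payload decoding described for this section, done with Python's standard `email` module on a constructed phishing message. All addresses, hostnames, the URL and the attachment bytes are made up for illustration, and the `Authentication-Results` header is assumed to have been stamped by the receiving mail server, which is where those verdicts normally come from (a sender can forge one, so trust only the copy added by your own MX).

```python
import base64
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr

# Constructed phishing sample: every hostname, address and the attachment are
# made up (the "executable" is 64 bytes that merely start with the MZ marker).
ATTACHMENT_BYTES = b"MZ\x90\x00" + b"\x00" * 60
ATTACHMENT_SHA256 = hashlib.sha256(ATTACHMENT_BYTES).hexdigest()


def _build_eml():
    b64 = base64.b64encode(ATTACHMENT_BYTES).decode()
    return (
        "Return-Path: <bounce@mail.example.net>\n"
        "Received: from mail.example.net (mail.example.net [198.51.100.25])\n"
        "\tby mx.victim.example (Postfix) with ESMTP id 4F2B1\n"
        "\tfor <user@victim.example>; Mon, 4 Mar 2024 09:12:01 +0000\n"
        "Authentication-Results: mx.victim.example;\n"
        "\tspf=fail smtp.mailfrom=mail.example.net;\n"
        "\tdkim=none; dmarc=fail header.from=bank.example\n"
        'From: "Bank Security" <alerts@bank.example>\n'
        "To: user@victim.example\n"
        "Subject: Urgent: verify your account\n"
        "Date: Mon, 4 Mar 2024 09:11:58 +0000\n"
        "Message-ID: <20240304091158.1234@mail.example.net>\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="BOUNDARY1"\n'
        "\n"
        "--BOUNDARY1\n"
        'Content-Type: text/plain; charset="utf-8"\n'
        "\n"
        "Please verify your account at http://bank-example.verify-login.test/auth\n"
        "--BOUNDARY1\n"
        'Content-Type: application/octet-stream; name="invoice.exe"\n'
        'Content-Disposition: attachment; filename="invoice.exe"\n'
        "Content-Transfer-Encoding: base64\n"
        "\n"
        + b64 + "\n"
        "--BOUNDARY1--\n"
    ).encode()


RAW_EML = _build_eml()

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def parse_eml(raw):
    """Parse raw RFC 5322 bytes into an EmailMessage with the modern policy."""
    return email.message_from_bytes(raw, policy=policy.default)


def auth_results(msg):
    """Read the SPF/DKIM/DMARC verdicts the receiving MX recorded."""
    header = str(msg.get("Authentication-Results", ""))
    results = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for mech, verdict in AUTH_RE.findall(header):
        results[mech.lower()] = verdict.lower()
    return results


def sender_domains(msg):
    """Domain shown to the user (From) vs. the envelope sender (Return-Path)."""
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    rp_domain = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    return from_domain, rp_domain


def extract_urls(msg):
    """Collect URLs from every text part, decoded according to its charset."""
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.update(URL_RE.findall(part.get_content()))
    return sorted(urls)


def extract_attachments(msg):
    """Decode each attachment (base64 or otherwise) and hash it for lookups."""
    found = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        data = part.get_payload(decode=True) or b""
        found.append({"filename": part.get_filename(), "content_type": part.get_content_type(),
                      "size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
                      "magic": data[:2]})
    return found


def triage(raw):
    """Summarise the indicators an analyst checks first on a suspect email."""
    msg = parse_eml(raw)
    auth = auth_results(msg)
    from_domain, rp_domain = sender_domains(msg)
    findings = [f"{m}={v}" for m, v in auth.items() if v != "pass"]
    if from_domain != rp_domain:
        findings.append(f"From domain {from_domain} != Return-Path domain {rp_domain}")
    for att in extract_attachments(msg):
        if att["magic"] == b"MZ":   # PE header: an executable, whatever the name says
            findings.append(f"PE attachment {att['filename']} sha256={att['sha256']}")
    return {"subject": str(msg["Subject"]), "auth": auth,
            "urls": extract_urls(msg), "findings": findings}


if __name__ == "__main__":
    for line in triage(RAW_EML)["findings"]:
        print(line)
```

Replace `RAW_EML` with the bytes of a saved `.eml` to use this on a real message; the attachment hash is what you would submit to VirusTotal or MalwareBazaar, and the URL list is what goes to URLhaus or a sandbox, never to a browser on the analysis host.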
This section focuses on static and dynamic malware analysis. These writeups document the analysis of malicious PE files, scripts, macros, and more.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| TeleStealer Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DIE, ProcMon, Wireshark, Python |
| AgentTesla Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | DIE, AutoIt Extractor, PE-sieve, Process Explorer, CFF Explorer, dnSpy, CyberChef, ProcMon |
| MalaCrypt Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | PEStudio, FLOSS, Strings, CyberChef, VirusTotal, ProcMon, Cutter, capa |
| XWorm Lab | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | PEStudio, DIE, dnSpy, ANY.RUN, VirusTotal |
| MalBuster | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | PEStudio, Detect It Easy, VirusTotal, CFF Explorer, capa, FLOSS |
| Mr. Phisher | TryHackMe | 🟢 Easy | ⭐ | LibreOffice Writer |
| Dunkle Materie | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | ProcDOT, VirusTotal |
| Maldoc101 | CyberDefenders | 🟡 Medium | ⭐⭐⭐⭐⭐ | oledump, VirusTotal, olevba, CyberChef |
| Downloader | LetsDefend | 🔴 Hard | ⭐⭐⭐⭐⭐ | IDA Pro |
| Malicious Doc | LetsDefend | 🟢 Easy | ⭐ | VirusTotal |
| PowerShell Script | LetsDefend | 🟢 Easy | ⭐⭐ | Text Editor, VirusTotal |
| Suspicious USB Stick | BTLO | 🟡 Medium | ⭐ | Text Editor, VirusTotal, peepdf |
| Reverse Engineering - A Classic Injection | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | PEStudio, Detect It Easy, IDA Pro, ProcMon, CyberChef |
| PowerShell Analysis - Keylogger | BTLO | 🟢 Easy | ⭐⭐ | Text Editor |
| Injection Series Part 3 | BTLO | 🟡 Medium | ⭐⭐⭐⭐⭐ | Cutter, IDA Pro, CyberChef |
| Injection Series Part 4 | BTLO | 🟢 Easy | ⭐⭐⭐⭐⭐ | IDA Pro, CyberChef |
| Reverse Engineering - Another Injection | BTLO | 🟢 Easy | ⭐⭐⭐⭐ | Detect It Easy, Strings, IDA Pro, CyberChef |
| Malware Analysis - Ransomware Script | BTLO | 🟢 Easy | ⭐⭐⭐ | Text Editor |
| Nonyx | BTLO | 🟢 Easy | ⭐⭐⭐⭐ | Volatility 2 |
| Anakus | BTLO | 🟢 Easy | ⭐⭐⭐ | Detect It Easy, VirusTotal, Sigcheck, Timeline Explorer |
Challenges in this section involve understanding program logic and uncovering hidden functionality from binaries. They often require IDA Pro, Ghidra, or Radare2.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Reversing ELF | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | radare2, Strings |
| DLL Stealer | LetsDefend | 🟡 Medium | ⭐⭐⭐⭐⭐ | dotPeek |
| Beginner Crackme | Crackmes.one | 🟢 Easy | ⭐ | IDA Pro |
This section contains writeups focused on penetration testing. Challenges are typically boot2root and involve scanning, enumeration, vulnerability analysis and exploitation, privilege escalation, and more. They are great for building foundational penetration testing skills and learning common attacks.
| Challenge | Platform | Difficulty | Rating | Tags |
|---|---|---|---|---|
| Basic | HackThisSite | 🟡 Medium | ⭐⭐⭐ | Burp Suite |
| Silver Platter | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Nmap, Gobuster, SSH, Privilege Escalation |
| Dav | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Nmap, Gobuster, Hydra, Privilege Escalation |
| Wgel CTF | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Nmap, dirb, SSH, Privilege Escalation |
| Lookup | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | Nmap, Hydra, searchsploit, Metasploit, Privilege Escalation |
| Toolsrus | TryHackMe | 🟢 Easy | ⭐⭐⭐ | Nmap, DirBuster, Hydra, Nikto, Metasploit, msfvenom |
| Raven 1 | VulnHub | 🟡 Medium | ⭐⭐⭐⭐⭐ | arp-scan, Nmap, Gobuster, WPScan, Nikto, Hydra, SSH, MySQL |
| Pickle Rick | VulnHub | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, Gobuster, Nikto, Privilege Escalation |
| Mr Robot | VulnHub | 🟡 Medium | ⭐⭐⭐⭐ | arp-scan, Nmap, Gobuster, Nikto, WPScan, Hydra, hashcat, Privilege Escalation |
| Photographer | VulnHub | 🟡 Medium | ⭐⭐⭐⭐⭐ | arp-scan, Nmap, Gobuster, Nikto, enum4linux, SMB, Burp Suite |
| Lazy Admin | VulnHub | 🟡 Medium | ⭐⭐⭐⭐⭐ | Nmap, Gobuster, hash-identifier, searchsploit, Privilege Escalation |
| IDE | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, FTP, searchsploit, SSH, Privilege Escalation |
| Easy Peasy | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, Gobuster, hash-identifier, CyberChef, steghide, SSH, Privilege Escalation |
| Colddbox (VulnHub) | VulnHub | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, Gobuster, WPScan, Hydra, Privilege Escalation |
| Colddbox (THM) | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐⭐ | Nmap, Gobuster, WPScan, Hydra, Privilege Escalation |
| Bounty Hacker | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | Nmap, FTP, Hydra, Privilege Escalation |
| Blogger1 | VulnHub | 🟢 Easy | ⭐⭐⭐⭐⭐ | arp-scan, Nmap, Gobuster, WPScan, Privilege Escalation |
| Basic Pentesting | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | Nmap, Gobuster, enum4linux, SMB, Hydra, John the Ripper, Privilege Escalation |
| Anonymous | TryHackMe | 🟡 Medium | ⭐⭐⭐⭐ | Nmap, enum4linux, SMB, FTP, Privilege Escalation |
| Agent Sudo | TryHackMe | 🟢 Easy | ⭐⭐⭐⭐ | Nmap, curl, Hydra, FTP, binwalk, steghide, SSH, Privilege Escalation |
Some of the tools used in these writeups include (but are not limited to):