Sean Lee

Sean Lee @seanleeys

About: An ambitious cybersecurity student. Interested in all things cybersecurity. 💡 Motto: “Know the attack to build the defence.”

Joined: Mar 10, 2025

Articles - 49 total

TryHackMe: Smol

At the heart of Smol is a WordPress website, a common target due to its extensive plugin ecosystem....

May 10

TryHackMe: Hammer

Nmap Scan We started off with an nmap scan As we can observe, we see 2 ports are...

May 10

TryHackMe: Brim

1. What is Brim? What is Brim? Brim is an open-source desktop application that...

May 3

TryHackMe: Zeek Exercises

1. Anomalous DNS An alert triggered: "Anomalous DNS Activity". The case was assigned to...

May 3

TryHackMe: Zeek

1. Introduction to Network Monitoring Approaches Network monitoring is a set of management...

May 2

TryHackMe: NetworkMiner

Introduction to Network Forensics Network Forensics is a specific subdomain of the...

May 2

TryHackMe: Snort Challenge - Live Attacks

Scenario 1: Brute Force First of all, start Snort in sniffer mode and try to figure out...

Apr 26

TryHackMe: Snort Challenge - The Basics

1. Writing IDS Rules (HTTP) Flag 1 Navigate to the task folder and use the...

Apr 26

TryHackMe: Snort

1. Snort Before diving into Snort and analysing traffic, let's have a brief overview of...

Apr 25

TryHackMe: Traffic Analysis Essentials

Network Security The essential concern of Network Security focuses on two core concepts:...

Apr 25

TryHackMe: MISP

1. Introduction What is MISP? MISP (Malware Information Sharing Platform) is an...

Apr 25

TryHackMe: OpenCTI

OpenCTI OpenCTI is another open-sourced platform designed to provide organisations with...

Apr 25

LetsDefend: SOC274 - Palo Alto Networks PAN-OS Command Injection Vulnerability Exploitation (CVE-2024-3400)

Upon examining source IP of 144[.]172[.]79[.]92, we see that it is flagged as malicious. As the...

Apr 25

LetsDefend: SOC287 - Arbitrary File Read on Checkpoint Security Gateway [CVE-2024-24919]

🛡️ Security Incident Report: CVE-2024-24919 Exploitation Attempt Date: June 6, 2024 Time: 03:12...

Apr 25

LetsDefend: SOC335 - CVE-2024-49138 Exploitation Detected

Incident Case Report Case Title: CVE-2024-49138 Exploitation via svohost.exe and Remote...

Apr 25

TryHackMe: Yara

What is Yara? All about Yara "The pattern matching swiss knife for malware researchers...

Apr 6

TryHackMe: Threat Intelligence Tools

Threat Intelligence Threat Intelligence Classifications: Threat Intel is geared...

Apr 6

TryHackMe Hackfinity Battle Writeups

This Google Drive link contains all the writeups I could compile from solving various CTF challenges....

Mar 21

TryHackMe: HTTP/2 Request Smuggling

HTTP/2 uses a binary format and clearly defines boundaries for elements in...

Mar 19

TryHackMe: HTTP Request Smuggling

Headers Involved Emphasis on headers: Content-Length that states the number of...

Mar 19

TryHackMe: CORS & SOP

Same Origin Policy (SOP) Policy that instructs how web browsers interact between web...

Mar 18

TryHackMe: DOM-Based XSS

Which sinks can lead to DOM-XSS vulnerabilities? The following are some of the main sinks...

Mar 18

TryHackMe: XSS

JavaScript for XSS In web browser, go Inspect Element, then go to Console. Let’s review...

Mar 17

TryHackMe: Prototype Pollution

In JS, Prototype functions similarly to Classes Difference Between Class and Prototype in...

Mar 17

TryHackMe: Race Conditions

Real World Analogy Example A Let’s consider this scenario: A bank account has...

Mar 17

TryHackMe: File Inclusion, Path Traversal

Types Relative vs Absolute Pathing Relative Pathing: Locates files based...

Mar 16

TryHackMe: SSRF

What is SSRF When developing networked software, it's common to make requests to external...

Mar 16

TryHackMe: Insecure Deserialisation

Serialisation Serialisation is just like taking different pieces of information (like...

Mar 16

TryHackMe: ORM Injection

What is ORM? Object-relational Mapping (ORM) is a programming technique that facilitates...

Mar 15

TryHackMe: LDAP Injection

Understanding LDAP and its Role in Directory Services LDAP (Lightweight Directory Access...

Mar 15