Solving the Openfire Lab Blue team challenge

A blue-team walkthrough of the CyberDefenders Openfire challenge using Wireshark and Zui: recovering the CSRF token and credentials, tracing the malicious plugin upload and reverse shell, and identifying the exploited CVE.

August 24, 2025 · 4 min
Solving the ShadowCitadel Lab Blue team challenge

A host-based forensics walkthrough of the ShadowCitadel challenge: following the attack from a malicious email attachment through a PowerShell downloader and second-stage executable to the C2 beacon IP and persistence mechanisms.

August 10, 2025 · 16 min
Solving the XLMRat Blue team challenge

A blue-team walkthrough of the CyberDefenders XLMRat challenge: tracing the first-stage download URL and hosting provider from the PCAP, hashing the loader and executable payloads, and identifying the malware family and the LOLBin used for stealthy execution.

June 28, 2025 · 6 min
Solving the BlueSky Ransomware Blue team challenge

A blue-team walkthrough of the CyberDefenders BlueSky ransomware challenge: analyzing the PCAP to find the port-scan source IP, the targeted account, C2 process injection, the downloaded payload, and the registry keys used to disable Windows Defender.

May 18, 2025 · 11 min
Solving the DanaBot Blue team challenge

A blue-team walkthrough of the CyberDefenders DanaBot challenge: using PCAP and threat intel to trace the initial-access IP, identify the malicious files and their SHA-256/MD5 hashes, and the process used to execute the banking trojan.

May 4, 2025 · 5 min
A convenient homelab SSH jumphost (without the drama)

Building a homelab SSH jumphost that lets you pick any server from a fuzzy-finder (fzf) menu by friendly name instead of memorizing IPs, including the select-host script, autoload on login, and SSH key management.

March 8, 2025 · 5 min
Proxmox firewall layers in simple terms

A clear, visual explanation of the Proxmox VE firewall and its three layers (datacenter, node, and VM/container), how rules are matched in practice, and how to configure it on a single-node setup.

January 19, 2025 · 6 min
Solving the WebStrike Blue Team Challenge

A blue-team walkthrough of the CyberDefenders WebStrike challenge: analyzing the PCAP to find the attack’s geographic origin and user agent, the uploaded web shell and its port, the upload directory, and the file targeted for exfiltration.

December 17, 2023 · 4 min