Networking on {IT}

Solving the Openfire Lab Blue team challenge

Sun, 24 Aug 2025 11:34:34 +0000

Today we’re reviewing a vulnerability in Openfire. It is a self-hosted alternative to Slack/Teams: you run it on your own infrastructure, control the data, and extend it with plugins.

As a cybersecurity analyst, you are tasked with investigating a data breach targeting your organization’s Openfire messaging server.

Attackers have exploited a vulnerability in the server, compromising sensitive communications and potentially exposing critical data.

Your task is to analyze the provided network capture files using Wireshark. Identify evidence of the exploitation, trace the attacker’s actions, and uncover indicators of compromise.

Solving the ShadowCitadel Lab Blue team challenge 🫆

Sun, 10 Aug 2025 19:33:14 +0000

Today, we dive into a host-based forensics investigation − a curious case of a breach inside the enterprise environment of a company called TechSynergy:

A leading tech firm, TechSynergy, has detected an anomaly after an employee engaged with an unexpected email attachment. This triggered a series of covert operations within the network, including unusual account activity and system alterations.

Security alerts indicate potential access to sensitive infrastructure, with suspicious outbound traffic raising red flags. The incident response team fears a sophisticated attack may be underway, threatening critical data.

Solving the XLMRat Blue team challenge

Sat, 28 Jun 2025 13:46:59 +0000

Today we’re looking at the XLMRat malware. It is a remote access trojan (hence the RAT part) built to be small, sneaky, and stupidly persistent. It typically rides in via phishing or social engineering, often disguised as something mundane, like a JPG or TXT file. It targets Windows systems and speaks fluent PowerShell.

It’s popular among low-effort attackers looking for ready-made tools that still pack a punch. Especially in campaigns targeting individuals or small orgs where endpoint hygiene is weak. There’s a block with more information at the end of this post ⬇️

Solving the BlueSky Ransomware Blue team challenge

Sun, 18 May 2025 16:35:26 +0000

Today we’re looking at the BlueSky ransomware, a strain of malicious software that encrypts files on a victim’s system, rendering them inaccessible until a ransom is paid. First detected in June 2022, it shares similarities with other notorious ransomware families like Conti and Babuk.

BlueSky spreads through methods such as phishing emails, malicious links, and network protocols like SMB (port 445 TCP). Once inside a system, it uses advanced evasion techniques, such as hiding threads from debuggers, to avoid detection. It targets both files and processes, encrypting files with RSA encryption and adding the .bluesky extension to them while maintaining operational stability by avoiding critical system processes.

Solving the DanaBot Blue team challenge

Sun, 04 May 2025 19:54:58 +0000

In this blog post, we’ll walk through a Blue Team lab challenge hosted by CyberDefenders, specifically investigating a breach scenario involving DanaBot malware.

The SOC team has detected suspicious activity in the network traffic, revealing that a machine has been compromised. Sensitive company information has been stolen. Your task is to use Network Capture (PCAP) files and Threat Intelligence to investigate the incident and determine how the breach occurred.

The challenge is presented by CyberDefenders (https://cyberdefenders.org) and can be found here: https://cyberdefenders.org/blueteam-ctf-challenges/danabot.

A convenient homelab SSH jumphost (without the drama)

Sat, 08 Mar 2025 06:44:00 +0000

Managing a homelab is all fun and games until you’re knee-deep in IP addresses, SSH keys, and trying to remember if this server was the one with Kubernetes or the one you broke last Tuesday.

SSH-ing into multiple machines gets messy fast – unless you love memorizing IPs and usernames like some sort of 2000s hacker movie character.

I didn’t 🤷‍♂️

So, I set out to build an SSH jumphost that keeps a list of all servers and lets me connect to any of them by simply picking a friendly name from a menu. No more mental gymnastics – let me show you how I did it.

Proxmox firewall layers in simple terms

Sun, 19 Jan 2025 06:56:00 +0000

Proxmox VE is a phenomenal open-source virtualization platform that many of us (myself included) absolutely love. It’s powered by a strong community, and the fact that we can use it for free in our home labs or even in small production environments is a huge blessing.

In my early days with Proxmox, I struggled a bit with its firewall configuration. Then I took some time to learn how it’s laid out, and the entire system started to make sense.

Solving the WebStrike Blue Team Challenge

Sun, 17 Dec 2023 21:12:03 +0000

The challenge

In the intricate world of cybersecurity, every attack leaves behind digital footprints waiting to be deciphered. In this post, we embark on a brief journey to unravel a cyber threat, dissecting each element that reveals an attacker’s origin, tactics, and motives. Let’s dive in.

The challenge is presented by CyberDefenders (https://cyberdefenders.org) and can be found here: https://cyberdefenders.org/blueteam-ctf-challenges/webstrike/.

Note: This post is not sponsored by or affiliated with CyberDefenders.