Lab Challenges

Windows Fundamentals: User Management

Objective: Understand and manage user accounts and groups in Windows environments

Approach: Explored user permissions, the net user command, and group policies using Command Prompt and PowerShell

Tools: Windows Command Line, PowerShell, Hack The Box Academy

Lessons Learned: The importance of least privilege, proper account enumeration, and recognizing common misconfigurations in user and group management

Certificate: View HTB Windows Fundamentals Certificate

Linux Fundamentals: File Permissions and Ownership

Objective: Understand file and directory permissions in Linux systems

Approach: Practiced using ls -l, chmod, chown, and symbolic vs numeric permissions

Tools: Linux Terminal, Hack The Box Pwnbox

Lessons Learned: How Linux enforces access control via user/group/other permissions, and how misconfigurations can lead to privilege escalation

Certificate: View HTB Linux Fundamentals Certificate

Pwned the Fawn Machine on HackTheBox

Summary: Connected to FTP, SMB, Telnet, Rsync and RDP services anonymously. Used Nmap to identify open ports. Connected to a MongoDB server.

Skills Gained: Network service enumeration, anonymous access exploitation, basic privilege escalation

Pwned the Dancing Machine on HackTheBox

Summary: Exploited misconfigured SMB shares to gain initial access, then pivoted through the network using stolen credentials.

Skills Gained: SMB enumeration, password cracking, lateral movement techniques

Pwned the Redeemer Machine on HackTheBox

Summary: Exploited Redis database misconfiguration to gain shell access and escalate privileges through cron job manipulation.

Skills Gained: NoSQL database exploitation, cron job privilege escalation, Linux persistence techniques

Pwned the Meow Machine on HackTheBox

Summary: Gained initial access through exposed Telnet service, then exploited PATH variable misconfiguration for root access.

Skills Gained: Telnet exploitation, Linux environment variable manipulation, basic privilege escalation

Performed Defensive Security on TryHackMe

Summary: Practiced SOC analyst workflows including SIEM monitoring, log analysis, and incident response procedures.

Skills Gained: SIEM operations, log correlation, threat detection, incident documentation

Attacktive Directory on TryHackMe

Summary: Explored Active Directory fundamentals, enumeration, and exploitation using common tools like BloodHound and SMB.

Skills Gained: AD enumeration, Kerberos attacks, lateral movement, BloodHound analysis

Windows Forensics 1 on TryHackMe

Summary: Learned disk, memory, and event log analysis techniques to investigate Windows incidents.

Skills Gained: Memory dump analysis, Windows Event Log parsing, forensic artifact collection

Introduction to Networking on HackTheBox

Summary: Covered OSI model, subnetting, routing, and packet inspection with Wireshark and tcpdump.

Skills Gained: Network protocol analysis, packet capturing, subnet calculations

Attacking Web Apps with FFUF on HackTheBox

Summary: Discovered hidden directories, parameters, and files using the FFUF fuzzing tool.

Skills Gained: Web application fuzzing, directory brute-forcing, parameter discovery

MAL: Malware Introductory on TryHackMe

Summary: Introduced to basic malware types, signatures, and static/dynamic analysis techniques.

Skills Gained: Malware classification, basic static analysis, sandbox analysis

Using Metasploit Framework on HackTheBox

Summary: Practiced scanning, exploitation, and post-exploitation using Metasploit modules and Meterpreter.

Skills Gained: Metasploit framework usage, payload generation, post-exploitation modules

OWASP Top 10 - 2021 on TryHackMe

Summary: Studied and exploited web vulnerabilities like XSS, IDOR, SSRF, and Injection based on the OWASP Top 10.

Skills Gained: Web vulnerability exploitation, secure coding principles, vulnerability mitigation

Passive Recon on TryHackMe

Summary: Explored methods to gather information without directly engaging with the target using WHOIS, Shodan, and DNS dumps.

Skills Gained: Open-source intelligence (OSINT), DNS enumeration, infrastructure mapping

Splunk: Exploring SPL on TryHackMe

Summary: Learned how to write Splunk Processing Language queries to analyze logs and detect anomalies.

Skills Gained: Splunk query language, log analysis, correlation searches

SQLi Fundamentals on HackTheBox

Summary: Practiced SQL Injection techniques to extract database content and bypass login forms.

Skills Gained: SQL injection techniques, database enumeration, blind SQLi

Threat Intelligence Tools on TryHackMe

Summary: Worked with tools like VirusTotal, AbuseIPDB, and MISP to collect, correlate, and analyze threat indicators.

Skills Gained: Threat intelligence platforms, IOC analysis, threat actor tracking

Vulnerability Assessment on HackTheBox

Summary: Scanned systems using Nmap and Nessus to identify and assess vulnerabilities.

Skills Gained: Vulnerability scanning, CVSS scoring, remediation prioritization

Web Requests on HackTheBox

Summary: Understood the structure and behavior of HTTP requests and practiced crafting them with Burp Suite and curl.

Skills Gained: HTTP protocol, request manipulation, Burp Suite usage

WiFi Hacking 101 on TryHackMe

Summary: Captured and cracked WPA2 handshakes, deauthenticated users, and scanned wireless networks.

Skills Gained: Wireless security, WPA2 cracking, RF monitoring

L2 MAC Flooding & ARP Spoofing on TryHackMe

Summary: Practiced ARP poisoning and MAC flooding to intercept and analyze network traffic.

Skills Gained: Layer 2 attacks, MITM techniques, network traffic interception

Junior Security Analyst Intro on TryHackMe

Summary: Introductory SOC analyst lab covering alert triage, log correlation, and SIEM usage.

Skills Gained: Security operations, alert investigation, incident response basics

Intro to Log Analysis on TryHackMe

Summary: Analyzed Windows and Linux logs to identify malicious activity using grep, Event Viewer, and audit logs.

Skills Gained: Log analysis, event correlation, anomaly detection

DNS in Detail on TryHackMe

Summary: Explored DNS record types, zone transfers, and DNS reconnaissance using dig, nslookup, and DNSenum.

Skills Gained: DNS protocol, record analysis, DNS enumeration techniques
