As a network or security professional, working with PCAPs comes with the territory. Some CTFs also include PCAP challenges, and while Wireshark is the software of choice for some people, learning other tools can help get the flag quickly. In this post, I will cover command-line utilities one can use when working with PCAPs. Misspelled user agent In one of the CTFs I participated in, the task was to find misspelled user agent string. You can do this with Wireshark, but Tshark and Linux …
Blog
Working with logs
In some CTFs, working with logs is part of the challenge. While you can certainly use your favorite text editor to find things, I believe it is better to use Linux command-line utilities to acquire the flags quickly. With that said, arming yourself with Linux skills is paramount to your success in CTFs and the real world. This post will cover a few Linux command-line utilities I use in CTFs, typically. Word count Some low-difficulty CTF questions would ask for the number of lines of a …
Passed GMON
Back in March, I passed the GMON (GIAC Continuous Monitoring) certification exam, and I wanted to share my experience. As a follower, you may remember that I passed the GCIA exam last year. With this certification exam, I scored a bit higher than my GCIA exam, but not quite like my GCIH exam results. Exam information The exam has the following format: SEC511 class The SEC511 was the second lengthiest SANS class I have ever taken - the first one was SEC503. If …
Turkey Express Mini CTF
Since I have taken Antisyphon training in the past, I am on their email list. I noticed that I received an email from them on November 21st about their Turkey Express Mini CTF. I know about their cyber range but never signed up for it, even though I was curious. Since they released this CTF, I will treat this as a sample for their cyber range. It may not be fair, but I do not have anything to go on. Challenges When I signed up for their CTF, I was delighted to see there were …
Passed eJPTv2
Today, I received an email from INE that I passed my eJPTv2 beta exam. It means that I obtained the eJPT certification again, but this time it is for version 2. I discussed my beta exam experience here. I suggest you read it and come back to this. There might be some information that you would want to know before reading the rest of this post. Preparation I received an email from INE on August 8th that they selected me to participate in the eJPTv2 beta program. I started going …