As a network or security professional, working with PCAPs comes with the territory. Some CTFs also include PCAP challenges, and while Wireshark is the software of choice for some people, learning other tools can help get the flag quickly. In this post, I will cover command-line utilities one can use when working with PCAPs. Misspelled user agent In one of the CTFs I participated in, the task was to find a misspelled user agent string. You can do this with Wireshark, but Tshark and Linux …
InfoSec
Working with logs
In some CTFs, working with logs is part of the challenge. While you can certainly use your favorite text editor to find things, I believe it is better to use Linux command-line utilities to acquire the flags quickly. With that said, arming yourself with Linux skills is paramount to your success in CTFs and the real world. This post will cover a few Linux command-line utilities I typically use in CTFs. Word count Some low-difficulty CTF questions would ask for the number of lines of a …
Passed eJPTv2
Today, I received an email from INE that I passed my eJPTv2 beta exam. It means that I obtained the eJPT certification again, but this time it is for version 2. I discussed my beta exam experience here. I suggest you read it and come back to this. There might be some information that you would want to know before reading the rest of this post. Preparation I received an email from INE on August 8th that they selected me to participate in the eJPTv2 beta program. I started going …
eJPTv2 Beta Exam
Today, I submitted my eJPTv2 beta exam for review. Per INE, it will take about two to three months to review everyone's exam submission. During this time, they will also decide if they want to tweak the exam based on the feedback. Related: Passed eJPTv2. Exam format For obvious reasons, I cannot disclose any of the questions I saw on the exam. I can, however, discuss whatever is public knowledge. Without further ado, here is some information about the exam: Course …
Attacking Cisco IOS device
Cisco IOS-related CVEs get announced consistently, but we will not be exploring any of those in this article. I will, however, demonstrate that attacking a Cisco IOS device is possible through an SNMP misconfiguration. If interested, I covered another attack on a Cisco IOS device running HSRP here. I included this exercise in our Paradise Lost: Red Team versus Blue Team event during our CyberFest 2021. Unfortunately, only the blue team members touched this node. The red team focused on …