tips & tricks
46 TopicsTrick or Treat on Specter Street: Widow's Web
I am very stucked in Trick or Treat on Specter Street: Widow's Web I can't do none of the questions, but in any case I start by 4th that is the first answerable one Your first task is to simulate the loyal Crawlers. Run legitimate-crawler and inspect the output in Lab-Files to observe their behavior. To simulate the rogue Crawlers, you must discover the hidden paths on the website. Read the blog posts – they contain clues. Disallow these in Website-Files/robots.txt and run malicious-crawler. Inspect the output in Lab-Files. What is the token? I have created the robots.txt file since I understand that malicious-crawler goes expressedly there. My robots.txt contains all url's I can imagin Disallow: /secret Disallow: /treat Disallow: /hidden Disallow: /crypt Disallow: /warden Disallow: /rituals Disallow: /witch-secrets Disallow: /admin Disallow: /vault Disallow: /uncover Disallow: /post1 Disallow: /post2 Disallow: /post3 Disallow: /post4 Disallow: /contact Disallow: /drafts/rituals But the result of malicious-crawler.txt doesn't give me either a token nor a hint I have curl-ed all pages looking for words as token and nothing. I have found some key words in http://127.0.0.1:3000/witch-secrets as intercepted-incantations, decoded them and nothing. I have searched in spider-sigthings.log what hapened at 3.00 am but nothing Can someone gime me a hint?57Views0likes2Commentshelp with A Christmas Catastrophe: A Letter to Santa
I am in the scalation privileges part. Tried to create a symlink to /root/root.txt and to /root in /etc/letters/ waiting cron /etc/chmod.sh takes ownership with chmod 666 instruction and then extract token, but doesn't work Any help? Is there something missing?73Views0likes5CommentsThe Human Connection Challenge Lab 1: Basic OS Skills – Walkthrough Guide (Community Version)
This is a walkthrough guide written by one of our community members, who offered to give their perspective on the challenge. Interestingly, they approached this challenge by completing some of the tasks in the graphical user interface (GUI) instead of the command line.1KViews2likes2CommentsCredential Access - NTDS
Got down to the last two questions and I felt like I've tried all suggestions in the briefing. Can anyone help out with the last two question? Also, the "secretsdump.py -ntds <ntds.dit path> -system <SYSTEM hive path> LOCAL" isn't working but tried "impacket.examples.secretsdump" and it doesn't throw an error, but also doesn't throw any output.172Views1like3CommentsA Step-by-Step Guide to Hosting Your Own Hacktober Event
Organizing engaging, informative, and enjoyable cybersecurity events like Swisscom's Hacktober event doesn't have to be daunting. With strategic groundwork and relevant, interactive challenges, you can create a cybersecurity event that is both fun and educational. Are you considering hosting a similar cybersecurity event? This blog provides a step-by-step guide to creating an impactful event, resulting in a more skilled and prepared workforce.262Views8likes4CommentsCSM Tip:Personal MITRE ATT&CK – Did You Know You Can Print Your Entire Chart?
As we start off a very busy 2025m you may be thinking about preparing for your annual review conversation with your manager. Was upskilling a part of your personal goals? Ever wish you could print/view your personal Mitre ATT&CK framework straight from the Immersive platform. Good new, you CAN! In the Chrome browser Cmd + p (or control + p in windows), and adjusting the scale zoom so the whole thing fits on one page, can then get a pdf of full quality *MAC users be sure to go into “More Settings” and check this box (background graphics): Have you printed your personal MITRE ATT&CK chart? If so, how did you use it?87Views3likes3Comments