I’ll be honest, today I wasn’t as productive. After so many days deep into Splunk, I was getting sick of it. I spent some time helping a classmate with his lab since I had already gone through it. Still, I decided to do the lab all over again just for practice.

Even the second time around, it wasn’t as easy as I expected. But I’m starting to get the hang of it. Lately, I’ve been trying to connect things and spot patterns. For example, today I had to find a suspicious binary that made a connection to a remote server. I learned that searching for keywords like “dns” alongside the binary name can be super helpful in that scenario because many malicious binaries resolve domain names through DNS requests before connecting to remote servers, so seeing both in the same log can be a strong indicator of C2 activity.

This lab was a bit easier than others I’ve done. Most of the answers were hidden inside an encrypted PowerShell command, but once I searched the right keywords, the rest fell into place. It was a good reminder that sometimes all it takes is a smart search to find what you’re looking for.


And finally we switched gears!

We started learning about web applications, which was a welcome change after all the Splunk madness. We looked into the anatomy of a URL, breaking it down into parts like:

  • Scheme (http, https)
  • User (optional, like user@)
  • Host/Domain
  • Port (e.g., :8080)
  • Path (like /login)
  • Query string (e.g., ?user=admin)
  • Fragment (#section1)

We also covered some common HTTP request headers, like:

  • User-Agent (tells the server what browser or tool is making the request)
  • Accept-Language (indicates language preference)
  • Host (the domain name of the server)
  • Referer (shows the previous page the user came from)
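To make the two lists above concrete, here is an added example (not from the lab or the course material) that splits a URL into those parts and builds the request head a client would send for it. The sample URLs and header values are constructed, and `dissectUrl` and `requestHead` are names made up for this illustration.

```javascript
// Added example: the URL parts and request headers listed above, in code.
// All URLs and header values below are constructed samples.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function dissectUrl(raw) {
  const u = new URL(raw); // WHATWG URL parser, built into browsers and Node.js
  return {
    scheme: u.protocol.replace(/:$/, ""),
    user: u.username || null,                  // optional "user@" part
    host: u.hostname,                          // always what follows the "@"
    port: u.port || DEFAULT_PORTS[u.protocol] || null, // empty means scheme default
    path: u.pathname,
    query: Object.fromEntries(u.searchParams), // ?user=admin -> { user: "admin" }
    fragment: u.hash.replace(/^#/, "") || null,
  };
}

// Build the request head for a URL: the path and query go on the request
// line, host and port go in the Host header, the fragment is never sent.
function requestHead(raw, extraHeaders = {}) {
  const u = new URL(raw);
  const lines = [`GET ${u.pathname}${u.search} HTTP/1.1`, `Host: ${u.host}`];
  for (const [name, value] of Object.entries(extraHeaders)) {
    lines.push(`${name}: ${value}`);
  }
  return lines.join("\r\n") + "\r\n\r\n";
}

const sample = "https://user@example.com:8080/login?user=admin#section1";
console.log(dissectUrl(sample));
console.log(requestHead(sample, {
  "User-Agent": "ExampleBrowser/1.0",
  "Accept-Language": "en-US",
  "Referer": "https://example.com/home",
}));

// When reading URLs in logs: text before "@" is the user part, not the host.
const lookalike = "http://example.com@198.51.100.7/login";
console.log(dissectUrl(lookalike).host); // 198.51.100.7
```

The fragment stays in the browser, so it will not show up in web server logs, while the query string and the headers will.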

By the end of the day, we jumped into a JavaScript basics lab. Honestly? It confused me. I’ve never really explored web development in depth. I ended up checking out W3Schools and found some beginner-friendly courses and certifications. I might go through a few of them in the future, especially if I want to pursue web application penetration testing.

Overall, I felt pretty drained today. I had to take a few breaks here and there. I think this week just had too much Splunk, but I’m excited that we’re finally shifting toward the offensive side of things.