We kicked off with some reviewing today on the last challenge we did yesterday. I’m glad I wrote everything down because there were a lot of commands and different tools.
After the review, we dove into an OSINT (Open Source Intelligence) investigation. It started off pretty fun. I used exiftool to extract metadata from an image, which led me to follow breadcrumbs using my favourite search engine. Things were going smoothly until the final question. It turned out to be one of those hidden in plain sight puzzles with white text on a white background. Classic CTF trick, kind of annoying.
With the OSINT challenge wrapped up, I moved on to two more Nmap labs. I had already finished the others, including the one involving Gobuster. Today I focused on going deeper with Nmap’s more advanced scan techniques:
Null scan – sends a packet with no flags set to test how the system responds.
Xmas scan – lights up FIN, PSH, and URG flags, like a Christmas tree, to probe for open ports.
Spoofing and decoys – fakes the source IP or mixes your scan in with fake traffic to avoid detection.
Fragmented packets – splits up the scan into smaller pieces to sneak past firewalls.
These are just a few of many.
We wrapped up the day with a Career Services meeting. It was mostly about crafting a solid CV and polishing your LinkedIn profile. Important stuff for sure, but right now, my head’s fully in the game with this bootcamp and all things penetration testing. Once the 31 days are over, I’ll shift gears and tackle the job-hunting side of things.
