Author: André Henriques
-
Day 19
Another lab-heavy day, but full of hands-on learning. Today, we dove deeper into forensic imaging – specifically with dc3dd. I created a forensic image of a .img file using the command: After that, I performed integrity checks by comparing hashes of the original and the image to ensure the copy was exact. Then came the…
-
Day 18
We kicked off the day with an assessment, and as a cohort, we achieved an impressive 91% accuracy rate! I personally missed one question regarding the type of malware that is self-replicating. I answered “worm,” but upon closer reading, the question mentioned that it attaches itself to host files, which is characteristic of a virus.…
-
Day 17
Today, we delved into the fundamentals of malware analysis. We began by exploring various types of malware, including: We then transitioned to practical analysis using VirusTotal, a powerful tool for examining files, URLs, IP addresses, and hashes. By uploading a file or entering a hash, VirusTotal aggregates results from multiple antivirus engines to assess potential…
-
Day 16
Today, we delved deep into some advanced security topics, focusing on domain attacks like domain hijacking, typosquatting, and techniques such as Pass the Hash and Pass the Ticket. We kicked off the day with a tough challenge learning how to attack Kerberos, which is used to authenticate users on a network. Here’s what we covered:…
-
Day 15
We kicked off the day with our usual news segment. My group presented on the recent 4chan leaked credentials incident. As of now, the 4chan site is down most likely because their source code was leaked, including credentials for moderators. I was still feeling the exhaustion from the week, but next up was our SIEM…
-
Day 14
I’ll be honest, today I wasn’t as productive. After so many days deep into Splunk, I was getting sick of it. I spent some time helping a classmate with his lab since I had already gone through it. Still, I decided to do the lab all over again just for practice. Even the second time…
-
Day 13
Today was packed with labs: one on Splunk dashboards and reports, one focused on an investigation, and another on logging within Splunk. I was a bit ahead because I’d already completed the dashboard lab over the weekend, so I jumped straight into the investigation. Of course, it turned into another headache. The first task was…
-
Day 12
We kept digging deeper into Splunk investigations, and for the first time, I came across an encrypted PowerShell command with clear malicious intent. The task? Find the URL that initiated a web request. It wasn’t easy, I struggled for a bit but eventually, I cracked it. That moment of “Yes, I found it!” felt great.…
-
Day 11
We dove into the fundamentals of logs as a first step toward using Splunk. Honestly, it wasn’t until I actually started using Splunk that afternoon that I realized just how crucial understanding logs really is. There are many types of logs—security logs, system logs, audit logs, application logs, and more. Each type gives you a…
-
Day 10
Today marked the beginning of our deep dive into SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) systems. From now on, we’ll be focusing a lot on Splunk and the critical skill of log analysis. We started with an overview of how a SIEM works. In essence, a SIEM collects and…
