Posts

Featured Post

Malware Overview - HelloKitty

Introduction: If there existed an award for the cutest and most benign-sounding family of malware, I am not hesitant to say that the developers of the HelloKitty ransomware would be walking home with the highest honor. That being said, the use of charming and otherwise innocuous-sounding names for some of the worst and most malicious malware isn’t a new development. From the comforting-sounding ILOVEYOU worm that originated from the Philippines in 2000 and went on to infect the rest of the planet, to nation-state developed spyware like “Babar” (referencing the adorable elephant from the French children’s literature classic), the utilization of harmless and defusing monikers for malware is just another way for threat actors to further explore their creativity and sense of humor. Hell, it's not even uncommon for individuals to give themselves names of  HelloKitty is not the first and will surely not be the last strain of malware to be given such a name, either afterwards b...

ISC2 SSCP Certification Guide

BACKGROUND: I took this certification exam with around 4 months of experience in Information Security and with over 2 years of general IT experience. With that said, no experience is required in order to take the exam; however, 1 year of "relevant" experience is required to obtain the full certification; otherwise you will only receive the "Associate of (ISC)2" title, which can be upgraded to the full certification when the experience requirements are met. The reason I took this exam was because my current employer offers a fully free discount on (ISC)2 exams specifically. I planned on initially studying for and attempting CISSP; however, I decided to take SSCP first in order to get a feel for how (ISC)2 specifically likes to word their exam questions, as all of my previous IT certifications have been through CompTIA. EXPERIENCE: My mindset for this exam was similar to the mindset that I had when studying for the CompTIA Security+ exam. I did not buy a book however....

TryHackMe CTF Walkthrough - "Simple CTF"

Note: This is a reupload of a CTF walkthrough from my original website which no longer exists. Tonight I'll be providing a writeup on the TryHackMe box "Simple CTF" similar to my writeup on Blue. TryHackMe is another great and incredibly educational site dedicated to teaching learners about offensive and defensive cybersecurity. As always, it's typical to start with a basic Nmap scan. This is one of the typical Nmap scans that I like to run on TryHackMe and Hack The Box machines. It will take longer than most scans due to the enumeration being performed by the vulnerability script. Another I will typically run is: nmap -sC -sV -A x.x.x.x. This is an aggressive service scan with default scripts enabled. Here we have quite a bit of output, the bulk of it being a list of CVEs for the specific version of Apache web server running on the target machine. As we can see, Port 21 (FTP), Port 80 (HTTP), and Port 2222 (SSH) are currently open on the target machine. We can al...