CTF Writeups

This is my collection of CTF writeups covering digital forensics, threat detection, exploitation analysis, incident response exercises, and many more. This repository documents the process I used to analyze and solve challenges from various security training platforms. My goal is to provide a clear record of investigation techniques, tools, and reasoning used during each challenge.

Writeups

Each writeup in this repository provides a step-by-step breakdown of the approach taken to retrieve the challenge flag. The writeups explain the investigation process used to solve the challenge, including the tools, commands, and reasoning behind the analysis. Challenges are grouped by their general category, such as DFIR, threat intelligence, and network forensics. The difficulty labels categorized in the writeups follow the ratings provided by the original platform so whatever HackTheBox or TryHackMe labeled as Easy or Hard is what I used.

Difficulty	Rating
Very Easy	⭐
Easy	⭐⭐
Medium	⭐⭐⭐
Hard	⭐⭐⭐⭐
Insane	⭐⭐⭐⭐⭐

Table of Contents

• Endpoint Forensics
• Network Forensics
• DFIR
• Cyber Threat Intelligence (CTI)
• Open-Source Intelligence (OSINT)
• Phishing Analysis
• Tools

Endpoint Forensics

Name	Writeup	Challenge	Difficulty	Rating	Tags
Redline Lab	Link	CyberDefenders	Easy	⭐⭐	Volatility3 strings
Ramnit Lab	Link	CyberDefenders	Easy	⭐⭐	Volatility3 VirusTotal
Insider Lab	Link	CyberDefenders	Easy	⭐⭐	FTK Imager LogViewer2
Amadey - APT-C-36 Lab	Link	CyberDefenders	Easy	⭐⭐	Volatility3 grep strings
The Crime Lab	Link	CyberDefenders	Easy	⭐⭐	ALEAPP

Network Forensics

Name	Writeup	Challenge	Difficulty	Rating	Tags
Tomcat Takeover Lab	Link	CyberDefenders	Easy	⭐⭐	Wireshark
PacketDetective Lab	Link	CyberDefenders	Easy	⭐⭐	Wireshark
DanaBot Lab	Link	CyberDefenders	Easy	⭐⭐	Wireshark VirusTotal
PsExec Hunt Lab	Link	CyberDefenders	Easy	⭐⭐	Wireshark
Poisoned Credentials Lab	Link	CyberDefenders	Easy	⭐⭐	Wireshark

DFIR

Name	Writeup	Challenge	Difficulty	Rating	Tags
Summit	Link	TryHackMe	Easy	⭐⭐	MITRE ATT&CK Pyramid of Pain
Campfire-2	Link	HackTheBox	Very Easy	⭐	Event Viewer
Brutus	Link	HackTheBox	Very Easy	⭐	grep cat MITRE ATT&CK

Cyber Threat Intelligence (CTI)

Name	Writeup	Challenge	Difficulty	Rating	Tags
IceID Lab	Link	CyberDefenders	Easy	⭐⭐	VirusTotal MITRE ATT&CK
GrabThePhisher Lab	Link	CyberDefenders	Easy	⭐⭐	VSCode
3CX Supply Chain Lab	Link	CyberDefenders	Easy	⭐⭐	VirusTotal MITRE ATT&CK
Red Stealer Lab	Link	CyberDefenders	Easy	⭐⭐	VirusTotal MalwareBazaar ThreatFox
Yellow RAT Lab	Link	CyberDefenders	Easy	⭐⭐	VirusTotal
Oski Lab	Link	CyberDefenders	Easy	⭐⭐	MITRE ATT&CK VirusTotal Any.Run
Eviction	Link	TryHackMe	Easy	⭐⭐	MITRE ATT&CK
Dream Job-1	Link	HackTheBox	Easy	⭐⭐	MITRE ATT&CK VirusTotal

Open-Source Intelligence (OSINT)

Name	Writeup	Challenge	Difficulty	Rating	Tags
Lespion Lab	Link	CyberDefenders	Easy	⭐⭐	Google Images search CyberChef
Dev Diaries	Link	TryHackMe	Easy	⭐⭐	pentesting-tools GitHub
Missing Person	Link	TryHackMe	Easy	⭐⭐	Google Images search exifmeta

Phishing Analysis

Name	Writeup	Challenge	Difficulty	Rating	Tags
Snapped Phish-ing Line	Link	TryHackMe	Easy	⭐⭐	VirusTotal CyberChef whois grep
The Greenholt Phish	Link	TryHackMe	Easy	⭐⭐	whois VirusTotal
Phishing Analysis Tools	Link	TryHackMe	Easy	⭐⭐	CyberChef Any.Run

Tools

Tool	Category	Link
LogViewer2	Endpoint Forensics	https://github.com/woanware/LogViewer2
FTK Imager	Endpoint Forensics	https://www.exterro.com/digital-forensics-software/ftk-imager
Volatility3	Endpoint Forensics	https://github.com/volatilityfoundation/volatility3
ALEAPP	Endpoint Forensics	https://github.com/abrignoni/ALEAPP
Wireshark	Network Forensics	https://www.wireshark.org/
MITRE ATT&CK	CTI	https://attack.mitre.org/
VirusTotal	CTI	https://www.virustotal.com/
WhoIs	CTI	https://www.whois.com/whois/
Any.Run	Malware Analysis	https://any.run/
CyberChef	DFIR	https://gchq.github.io/CyberChef/
ExifMeta	OSINT	https://exifmeta.com/