SOC336 - Windows OLE Zero-Click RCE Exploitation Detected (CVE-2025-21298)

February 13th 2025 | #dfir #letsdefend

CVE-2025-21298 is a critical Windows OLE vulnerability disclosed in January 2025 and rated 9.8 under CVSS 3.1. Affected systems are Windows 10 and 11 and Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022 and 2025. It allows remote code execution (RCE) via a specially crafted email, and because the flaw is triggered when the message is rendered rather than when an attachment is opened (hence "zero-click"), it poses a significant risk to users and organizations.

The Killer Clown (hacktoria)

February 1st 2025 | #ctf #hacktoria #osint

subscribe (thm)

January 30th 2025 | #ctf #tryhackme

Can you help Hack3M reach 3M subscribers?

Constellation (htb)

January 25th 2025 | #ctf #hackthebox #osint

The SOC team has recently been alerted to the potential existence of an insider threat. The suspect employee's workstation has been secured and examined. During the memory analysis, the Senior DFIR Analyst succeeded in extracting several intriguing URLs from the memory. These are now provided to you for further analysis to uncover any evidence, such as indications of data exfiltration or contact with malicious entities. Should you discover any information regarding the attacking group or individuals involved, you will collaborate closely with the threat intelligence team. Additionally, you will assist the Forensics team in creating a timeline. Warning: This Sherlock will require an element of OSINT, and some answers can be found outside of the provided artifacts to complete fully.

TryHack3M: Bricks Heist (thm)

January 24th 2025 | #ctf #tryhackme

"Crack the code, command the exploit! Dive into the heart of the system with just an RCE CVE as your key."

trooper (thm)

January 22nd 2025 | #ctf #cti #tryhackme

Task: "Use Cyber Threat Intelligence knowledge and skills to identify a threat based on a report."

MonitorsThree (htb)

December 21st 2024 | #ctf #hackthebox

A medium-difficulty machine on Hack The Box.

letsdefend.io WriteUp - SOC109 - Emotet Malware Detected

November 22nd 2024 | #en #soc

Malware was detected on endpoint RichardPRD (172.16.17.45). The infected file is 1word.doc, flagged by 48 of 63 VirusTotal engines: https://www.virustotal.com/gui/file/d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f. It is a maldoc carrying VBA macro code, first seen in the wild on 2020-06-11 at 13:11:14 UTC, and its IoCs tie it to the Emotet malware family.
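
As an added illustration of how the two facts in such an alert (a known SHA-256 and "maldoc with VBA code") can be checked statically before pivoting to the Emotet IoCs, here is example code written for this page; it is not part of the write-up or of LetsDefend. The only real value it uses is the SHA-256 from the VirusTotal link above; the sample documents are constructed inline and are not real files.

```python
import hashlib

# SHA-256 of 1word.doc as listed in the VirusTotal link above (the alert's IoC).
EMOTET_DOC_SHA256 = "d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f"

# OLE2 / Compound File Binary header signature shared by legacy .doc/.xls files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

# Directory entry names that only appear in OLE2 files carrying a VBA project.
# OLE directory entries store names as UTF-16LE, so the search is done in that encoding.
VBA_STREAM_NAMES = ("_VBA_PROJECT", "Macros", "PROJECT")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_ole2(data: bytes) -> bool:
    return data[:8] == OLE2_MAGIC


def vba_indicators(data: bytes) -> list[str]:
    return [name for name in VBA_STREAM_NAMES if name.encode("utf-16-le") in data]


def triage(data: bytes, ioc_hashes: set[str]) -> dict:
    """Static triage of a suspected maldoc: hash match first, then structural hints."""
    digest = sha256_hex(data)
    result = {
        "sha256": digest,
        "known_ioc": digest in ioc_hashes,
        "ole2": is_ole2(data),
        "vba_indicators": vba_indicators(data),
    }
    if result["known_ioc"]:
        result["verdict"] = "malicious: hash matches a known IoC"
    elif result["ole2"] and result["vba_indicators"]:
        result["verdict"] = "suspicious: macro-enabled OLE2 document"
    elif result["ole2"]:
        result["verdict"] = "unknown: OLE2 document without VBA streams"
    else:
        result["verdict"] = "unknown: not an OLE2 container"
    return result


def build_sample(with_vba: bool) -> bytes:
    """Constructed stand-in for a .doc file (not a real document): an OLE2 header
    sector followed by UTF-16LE directory entry names, as a parser would see them."""
    body = OLE2_MAGIC + b"\x00" * 504  # pad to a full 512-byte header sector
    body += "WordDocument".encode("utf-16-le")
    if with_vba:
        body += "Macros".encode("utf-16-le") + "_VBA_PROJECT".encode("utf-16-le")
    return body


if __name__ == "__main__":
    iocs = {EMOTET_DOC_SHA256}
    for label, sample in (("macro doc", build_sample(True)), ("plain doc", build_sample(False))):
        r = triage(sample, iocs)
        print(f"{label}: {r['verdict']} (vba={r['vba_indicators']})")
```

Replacing `build_sample(...)` with the bytes of a quarantined file gives the same hash-then-structure check an analyst would do by hand. The string search only confirms that VBA streams exist; a real investigation would parse the OLE directory properly and extract and deobfuscate the macro (oletools' olevba does both), which is the step that yields the Emotet IoCs the write-up goes on to use.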

Investigation SOC235 - Atlassian Confluence Broken Access Control 0-day

December 14th 2023 | #en #soc

I have been out of the SOC for almost a year now, and sometimes I miss digging into alerts. I recently signed up to letsdefend.io to play around. LetsDefend is a really cool training site with a simulated SOC environment that allows you to investigate incidents. The alerts are quite close to what you'd see in the real world. Read on for my analysis of alert SOC235.

The password has to die

October 7th 2019 | #es #old #passwords #risk #security

A few days ago I read an article that mentioned the results of a study on IT security, specifically in the healthcare sector. It explained how German doctors handle passwords negligently in their practices, putting the security of patient information at risk.
