Capture The Flag

Capture The Flag (CTF) is a well-known game mode in which the attacker has to steal the enemy flag and bring it back to their own base. A CTF is played by two teams fighting against each other, and each team has to defend its flag so that the adversary cannot steal it. In cybersecurity, CTF organisers set up an environment in which players have to break into a system by various means to retrieve a hidden flag. The goal is to let pentesters, cyber analysts, or simply security enthusiasts train by simulating an intrusion.
A CTF involves finding vulnerabilities in the system, which the players must then exploit as they would in a real penetration test. Retrieving the flag simulates a data exfiltration. Because cybersecurity spans many IT domains, a CTF is usually made up of several categories of challenges, such as networking, cryptography, steganography, web, and forensics. Challenges are ordered by difficulty, so a CTF suits beginners as well as experts.

In this section, the articles will present the CTFs that I have participated in. You will see in detail what kinds of exercises you can encounter when participating in a CTF.



Digital Forensics and Incident Response

Digital Forensics and Incident Response (DFIR) focuses on examining and understanding the behaviour of a device or of a company user once a suspicious activity has been raised by a security appliance. When an incident has been identified, the DFIR team must determine whether illegal actions were carried out or whether an intruder is present in the company environment. After an intrusion, adversaries can leave footprints anywhere on the company network; since they often intend to come back later, finding a backdoor on the compromised system is not surprising. Once an attacker has compromised one machine, spreading to other systems is very common: the goal is to retain access to the company network after the initial access to the information system has been obtained.
DFIR covers many IT fields, since adversaries can use different methods to gain a foothold in the targeted system. Disk analysis, memory analysis, log analysis and other technical skills are all needed to carry out a thorough investigation.

In this section, the articles show some forensic investigations that I have performed, either at work as a cybersecurity analyst or during a CTF.



Vulnerability Exploitation

A security vulnerability is an error or a flaw in a system that a threat agent can potentially exploit to compromise a company network. Such vulnerabilities can be introduced during development or during the design of the solution. They can be exploited to force the software to perform tasks it is not supposed to perform and to bypass the security defences in place.
When a vulnerability has been discovered, it is registered as a Common Vulnerabilities and Exposures (CVE) entry in the MITRE CVE database.
Many kinds of exploits exist in information security. Memory overflows, for example, allow a threat agent to execute malicious instructions by overwriting data in a memory region. Code injection flaws, for their part, allow a malicious person to disclose all the data held in the system's database, or to have malicious code executed for every user who reaches the affected web page.

In this section, the articles will focus on exploiting security vulnerabilities and demonstrate how dangerous a misconfiguration or a poor security practice can be.



Malware analysis

Malware is used by threat agents and is designed to disrupt, damage or gain unauthorised access to a computer system. Any software designed to cause harm to a computer or a network is considered malware. Viruses, worms, trojan horses, rootkits and many others are different types of malware. One of the best-known types is the worm, which threat agents use heavily because it can spread across the company network by copying itself to other devices on that network.
Malware analysis aims to understand how a malware sample works, and how to identify the indicators that let you detect and eliminate it. Some simple techniques are enough to identify the threat posed by a sample; others require more technical skill, such as reverse engineering.

In this section, the articles will focus on analysing malware, and introduce the tools and methods used to perform a malware analysis.



Tutorial

This section gathers computer science knowledge from different areas; its goal is to provide theoretical and practical knowledge about various computing fields. It is meant to develop your understanding and make you better in the information technology area. It also contains cheat sheets that I personally found important to have in cybersecurity.
This is the learning guide section, so feel free to have a glance at every article!
