Fellow HTBers,
I wanted to throw out an idea for a new type of walkthrough video for Retired Boxes. It is something I am already doing but not recording, and I THINK it’s something that would make interesting videos. So, depending on everyone’s feedback, I will post a pilot video here.
So here is the premise:
It would be comprised of 2 parts: the normal hacking/CTF Red Team portion in a speed run style, and at the end of this I will exfil some “booty”, which will actually just be all of the local log files. (This will only work on boxes that are logging, so I will not be doing every box since some don’t log.)
I will link and reference other walkthroughs for more verbose explanation if needed.
The 2nd part will be more of a response/investigation sort of Blue Team walkthrough using all of the logs that were exfilled. I’ll most likely be using ■■■■■ enterprise via their Docker image since it’s easy to set up and will allow people to do it themselves if they care to, without too much work.
The other option is to just dig through the raw logs, but who doesn’t like building timecharts…
Basically, when done with the 2nd part, it should be perfectly clear from the logs alone how I compromised the box, the steps I took, and how long it took me.
I will hopefully have a full pilot video done for Aragog soon and once I do I will edit this post and add in the link to the video.
Let me know your thoughts.
Oh and I still have not thought of a name for the videos…
Thanks, and Happy Hacking