DEV Community: Hills Nfor

Hands-on OverTheWire Bandit - Day 1 Progress

Hills Nfor — Sun, 10 Aug 2025 03:33:05 +0000

Levels Completed:

Bandit Level 1
Bandit Level 2

Summary:
I successfully completed the first two levels of the Bandit wargame on OverTheWire today. The tasks were challenging but rewarding, helping me strengthen my Linux command line and SSH skills.

Details:
Level 1: Connected to the server via SSH using the provided username. The main goal was to find the password for the next level, which was stored in a file named readme located in the home directory.

Level 2: After logging in, I needed to find and read the contents of a hidden file in the home directory to retrieve the password for the next level. This challenged my knowledge of Linux commands to list hidden files and view their contents.

Commands Used:
ssh bandit1@bandit.labs.overthewire.org -p 2220
Note: The -p option was necessary to specify the non-default SSH port after some research, as this was not initially provided in the instructions.

ls -l
ls -a
cat readme

My views:
The first level was straightforward, but level 2 required me to think about hidden files and how to reveal them. The discovery of the need to specify the SSH port was a key learning moment and emphasized the importance of research and troubleshooting. Overall, the experience helped improve my command line navigation and problem-solving skills. I’m motivated to continue and tackle more challenging levels subsequently. Follow for more

Cybersecurity Learning Journey: Reposting with Clarity

Hills Nfor — Sat, 09 Aug 2025 04:01:04 +0000

Over the pass few weeks, I have been fully immersed in self learning Cybersecurity and documenting everything I learned daily and sharing it publicly.
But here's is the truth - somewhere along the line, I realize that basics were a crucial part of the journey. I needed some understanding of the basics of Kali Linux under the distribution of Debian and communication(Basics of Networking) not just notes but getting the basic global norms was a necessity.

I took a short break from posting because I needed to strategized the approach before sharing again.
Now, I'm am glad to start reposting and sharing with you my journey once again armed with clearer direction and better tools, guys you won't believe this tool am about to shear with you.. I was shocked damnnn...

What changed?

Books I'm using
- Linux basics for Hackers by OccupyTheWeb(OTW)
- Network basics for Hackers by OccupyTheWeb(OTW)

The books got robust foundation for every beginner- it's indeed helping me - I strongly recommend this books to every beginner.

Hands-on Practice

As a beginner, theory alone isn't enough.
I had to look for ways I could actually dirty my hands on the learning process just to stumble this mind blowing websites overthewire practical challenges and at the same time understanding SSH filesystems and real-world server scenarios is a game changer for beginners. OverTheWire has done a grate job putting this out there to aid cybersecurity learners

Leveraging AI with a Special tool

Let me begin with this- Kudos to Google team for this genius study AI aid Model.
Guys go check it out- this Gems helped me organized and query my notes like a super-smart study buddy enhancing my learning experience in less then no time leaving no stone unturn. If you find lengthy books tiring to read you want to turn the book into a podcast and also partake Google's NotebookLM is mind blowing- words can't explain go to notebooklm and don't forget to come back and share with me your experience at the comment section

Why I'm Sharing Again?

Public writing helps me stay accountable and track progress while connecting with a community of learners and experts. I'm balancing deep study, hands-on practice, and consistent sharing because magic happens within resulting to growth.

What to Expect Next

Regular updates on my learning progress
Summaries and insights from the books or any tools am working with
Possible tips and resources for fellow learners

If you are also on the cybersecurity[Red Team],[Blue team],[SOC Analyst], or any related domain, lets connect and grow together...

Offensive security - Testing for Broken Access Control (OWASP)

Hills Nfor — Mon, 04 Aug 2025 02:30:04 +0000

Hands-on at tryhackme room #1..

I used dirb on CLI to brute-force hidden directories on a static web app

dirb http://www.targetwebsite.com/

Findings:

I access the site like a normal user
Discovered/admin/endpoints not shown in UI

Lesson: Obscurity is not equal security

Always enforce rule base control when building your website

Day #3/50 journey...

Network Basics for Security

Hills Nfor — Sat, 02 Aug 2025 00:57:25 +0000

TCP/IP and OSI Model

The TCP/IP is the most used and accepted model and not own by an institution whereas the OSI model who more a theory and less accepted globally so for that reasons I will be basing our findings on TCP/IP model.
It is basically the collection of layered network protocols that manages the communication of a network. It is made up of four(4) layers namely:

Application layer: This layer is the bridge between the client(browser) and the lower layers of the network that sends the data.
Transport layer: This layer is responsible for ensuring that data sent is arrived in it orderly manner as intended by the sender.
Internet layer: This layer's duty is to find the best and fastest route data should be send on the network.
Data Link Layer: This layer deals with the physical connection of devices with your computers that is there might be wired(Cable) or wireless(WiFi, Bluetooth). Ensuring data can be send from one device to another.

Day 2/50 of my Journey...

Chao!

Day 1/50 Basics on cyber security & web2

Hills Nfor — Fri, 01 Aug 2025 00:45:03 +0000

What is cybersecurity?

These are practical techniques that helps in securing unauthorized access to computer systems and personal digital data.

What is CAI Triad?

The Triad is the core of every system which is grounded on three powerful principles...

Confidentiality: Every system should be take full responsibility on all data and ensuring that only the rightful owner got accesses to their data.
Integrity: All data should stay true as intended by the beholder, and if altered the by a third party, the system should be able detect and be notified.
Availability: The system should be able to grants authorized user accesses to the resource they need when they need them.

Client Server Model

Communication between the Client(Browser) and the Server(Remote Computer)
Some vital things a notice here was

URL(Uniform Resource Locator): i.e. the human readable address e.g. www.hillspere.com
DNS(Domain Name Server): This DN Server is responsible for responding to the client request by sending the unique number (IP address) pairing with the URL to the client.
- IP address is a unique number that identifies a device on the internet.

HTTP/HTTPS Basics

HTTP/HTTPS: For the client and the server to communicate, a protocol is used, the client sends a request called HTTP(HyperText Transfer Protocol) or the HTTPS(the secured version) request to the IP address of the server to fetch anything from the server.

Some hands-on practical on a webpage using the browsers developers tool (Network tab)

bfCache (Back Forward Cache): This is an inbuilt optimizer in chrome browsers that enhance webpage's response time by default though some practice can hinder its functionality which is when you set in the control headers
Response Headers
Request Headers

Its was an awesome one on my Day 1 journey I have learnt a lot from the above summaries am open to corrections and constructive critics see you all tomorrow.

Chao!!!

Starting My Web2 & Web3 Security Journey as a novice

Hills Nfor — Thu, 31 Jul 2025 01:14:25 +0000

Hey Dev Big Brains,

I’m super glad to start this journey into Web2 and Web3 security. I don’t have a background in security just passionate and a strong will to learn and grow.

I’ll be sharing everything I learn, from the basics of Web2 security to the more complex stuff in Web3. This is mostly for educational purposes and to raise awareness, especially for beginners like me.

Why I'm Doing This

I want to understand how Web2 & Web3 security works
I want to teach while learning
I want to help others avoid common security mistakes
I believe we all start somewhere and this is my “somewhere”

How I'm Doing It

I ran a prompt on ChatGPT and got a 50-day plan to follow
I’ll be posting what I learn each day (or every few days)
It’ll be hands-on and real

What to Expect

Simple explanations
My thoughts and mistakes
Real examples if any
Your feedback, corrections, and advice are welcome!

This is my first post. Thanks for reading and feel free to follow along as I share more!

Let’s learn security together. One day at a time.