🔍 1. Exploitation Basics – Laying the Groundwork
This module was an essential deep dive into key exploitation techniques. It covered:
Local File Inclusion (LFI) and Remote File Inclusion (RFI)
Command injection
Web shell deployment
Common enumeration strategies
What I loved most was how this module built the bridge between theory and practice. Each concept was paired with vulnerable machines to reinforce learning through action.
🐍 2. PyRAT – Building and Detecting a RAT
The PyRAT room simulated the lifecycle of a Remote Access Trojan:
Creating and deploying a Python-based RAT
Establishing persistence
Detecting and analyzing the malware
This room was an eye-opener—it demonstrated how easily malicious code can slip into a system if proper security measures aren’t in place. The hands-on malware analysis aspect gave me a beginner-friendly taste of reverse engineering and threat hunting.
🤖 3. Mr. Robot – Classic CTF with a Pop Culture Twist
Inspired by the “Mr. Robot” TV series, this room was a CTF fan-favorite:
Web enumeration via robots.txt and WordPress login
Cracking hashes and password reuse
Privilege escalation via vulnerable scripts
It felt like I was solving a real-world breach investigation. The multi-layered nature of the box and the creativity behind the flags made this room super engaging.
🧱 4. Brick’s Heist – Crime Scene Investigation Cyber-Style
Brick’s Heist combined story-driven fun with technical skill:
Analyzing clues on a compromised system
Investigating logs and artifacts
Extracting files and passwords from hidden locations
This room really emphasized forensics and host-based analysis. It made me realize how crucial log analysis and incident response are in the aftermath of a breach.
🌐 5. Chrome – Browser-Based Exploitation
In the Chrome room, I explored:
Exploiting browser extensions
Understanding XSS and session hijacking
Grabbing cookies and impersonating users
This was an excellent hands-on look at client-side vulnerabilities. It reinforced why secure coding practices and extension reviews are vital.
💡 Key Takeaways
Enumeration is always the first step.
A single weak link—like a reused password or unpatched extension—can lead to full system compromise.
The combination of technical knowledge and creative problem-solving is what makes cybersecurity so exciting.