I’ve done many labs and CTFs and lots of studying and taken so many notes (…so many notes…), but one thing I don’t think I’ve ever done is compose and publish a write-up on something. When BTLO retired a few lab investigations a few weeks ago, I thought maybe I’d spend some time to create a template and reorganize my notes into a public write-up I can share. And I did two of them!
First, I created a write–up for the PhishyV2 investigation which involved analyzing a phishing site and kit. This was a lab that was rated Hard on the BTLO site, and one of the earlier labs I completed after joining the site.
A week later, I made another write–up for the Obfuscated investigation. This one is geared around responding to an incident where an internal employee was given some malicious Python code which they executed and led to a compromise of their Linux workstation. The investigation is really broken down into two main parts. First, analyzing and deobfuscating a python script. And second investigating the Linux environment for signs of persistence.
I am no Word wizard, so this also let me brush some dust off my Word skills. I also normally do not take extensive screenshots for my personal notes, relying more often on text and terminal output. And this helps me also be more comfortable in quickly taking some screenshots to assist with my notes clarity. Often, taking screenshots has been something that gets me out of my normal flow of thought, and the only way to fix that is practice and ingraining it into my workflow.
Hopefully more labs retire in the future, and I’ll probably work on doing a few more write-ups for the harder or notable challenges.