Peter Wambua wambuapeter

Popular posts

1. Shaktictf

   shaktiCTF web challenges As part of the ShaktiCTF running on the 25TH/26TH July weekend that my team Fr334aks-Mini took part in, I tackled a couple of fun web challenges documented below. Friends This was a graphql challenge testing on your ability to gather information from a graphql api that leaks sensitive information. From this, I knew there was an endpoint /graphql hence visiting it and querying the user 1, I receive it’s information which is only a name:

2. NeuroSync-D Sherlocks

   NeuroSync-D Sherlocks Challenge This is a write-up about the challenge NeuroSync-D, which is part of the Sherlocks challenges in HackTheBox focused on improving learners’ proficiency in blue team security. As a web pentester, I honestly love investigating web attacks. Feels just like home, and this challenge was no different Description: NeuroSync™ is a leading suite of products focusing on developing cutting edge medical BCI devices, designed by the Korosaki Coorporaton. Recently, an APT group targeted them and was able to infiltrate their infrastructure and is now moving laterally to compromise more systems.

3. Phantom Check

   Phantom Check Sherlocks Challenge This is a write-up about a challenge I did a while back, Phantom Check which is part of the Sherlocks challenges in HackTheBox. It tests your knowledge in investigating WMI logs. WMI is the infrastructure for management data and operations on Windows-based operating systems Description: Talion suspects that the threat actor carried out anti-virtualization checks to avoid detection in sandboxed environments. Your task is to analyze the event logs and identify the specific techniques used for virtualization detection.

4. Building Your Own Soc Lab

   🧪 Build Your Own SOC Home Lab: Step-by-Step Guide ✅ Overview This comprehensive guide of how I set up my SOC home lab, and I have written it to guide you through setting up a fully functional Security Operations Center (SOC) home lab, compatible with both VirtualBox and VMware Workstation. You’ll build a safe, isolated environment using Windows 10, Kali Linux, Sysmon, and Splunk to simulate real-world attacker–defender scenarios. 📑 Index Click any section below to jump to it:

5. Tjctf2025

   TJCTF Web Challenges This is a walkthrough of some interesting web challenges that I tackled the TJCTF 2025 together with my team, fr334aks-mini Loopy Can you access the admin page? Running on port 5000 For this challenge, we are given a website that shows other website HTML content previews. Trying https://thecyberlearner.github.io: We are told to access the admin site on port 5000, so I definitely knew I’m dealing with an SSRF.

6. Himaya

   Himaya We are the Hushed Protector of Health Data