Peter Wambua wambuapeter

shaktiCTF web challenges As part of the ShaktiCTF running on the 25TH/26TH July weekend that my team Fr334aks-Mini took part in, I tackled a couple of fun web challenges documented below. Friends This was a graphql challenge testing on your ability to gather information from a graphql api that leaks sensitive information. From this, I knew there was an endpoint /graphql hence visiting it and querying the user 1, I receive it’s information which is only a name:

NeuroSync-D Sherlocks Challenge This is a write-up about the challenge NeuroSync-D, which is part of the Sherlocks challenges in HackTheBox focused on improving learners’ proficiency in blue team security. As a web pentester, I honestly love investigating web attacks. Feels just like home, and this challenge was no different Description: NeuroSync™ is a leading suite of products focusing on developing cutting edge medical BCI devices, designed by the Korosaki Coorporaton. Recently, an APT group targeted them and was able to infiltrate their infrastructure and is now moving laterally to compromise more systems.

Phantom Check Sherlocks Challenge This is a write-up about a challenge I did a while back, Phantom Check which is part of the Sherlocks challenges in HackTheBox. It tests your knowledge in investigating WMI logs. WMI is the infrastructure for management data and operations on Windows-based operating systems Description: Talion suspects that the threat actor carried out anti-virtualization checks to avoid detection in sandboxed environments. Your task is to analyze the event logs and identify the specific techniques used for virtualization detection.

🧪 Build Your Own SOC Home Lab: Step-by-Step Guide ✅ Overview This comprehensive guide of how I set up my SOC home lab, and I have written it to guide you through setting up a fully functional Security Operations Center (SOC) home lab, compatible with both VirtualBox and VMware Workstation. You’ll build a safe, isolated environment using Windows 10, Kali Linux, Sysmon, and Splunk to simulate real-world attacker–defender scenarios. 📑 Index Click any section below to jump to it:

TJCTF Web Challenges This is a walkthrough of some interesting web challenges that I tackled the TJCTF 2025 together with my team, fr334aks-mini Loopy Can you access the admin page? Running on port 5000 For this challenge, we are given a website that shows other website HTML content previews. Trying https://thecyberlearner.github.io: We are told to access the admin site on port 5000, so I definitely knew I’m dealing with an SSRF.

Himaya We are the Hushed Protector of Health Data

HTB web challenge jscalc walkthrough

This is a walkthrough of a simple web challenge I created for CyberKimathi CTF competition.

A walkthrough of a medium room in TryHackMe. A great room needing critical thinking to exploit path traversal attacks to scripting to manipulate a gdbserver process to a tricky privilege escalation by ruby.

Daystar Hackathon CTF writeups My team CyberKimathi participated in the hackathon held at Daystar University. Being just a 2 hrs CTF and to be determined by time, we solved a couple of challenges, toping the competition. Here is a writeup of some: Challenge 1: Threat Intelligence A Malicious actor has been using the IP 64.176.194.7 to spread malware, can you identify the filename to the Powershell script used in the malicious activity.