Posts

Showing posts from October 19, 2025

Exploit Lab - Simplified Buffer Overflow simulation

Buffer Overflow - Simplified. A buffer overflow is a type of software vulnerability that happens when a program writes more data to a buffer (a temporary data storage area in memory, usually a variable) than it can hold. A buffer is a fixed-size block of memory used to store data temporarily (like user input, strings, or files). When a program doesn’t properly check the size of the input before copying it into the buffer, the extra data can “overflow” into adjacent memory locations. This overflow can corrupt data or crash the program, and the vulnerability can allow attackers to execute malicious code after overflowing the buffer. Example: let’s say a program allocates a buffer for 8 characters: char buffer[8]; gets(buffer); // reads user input. If the user enters AAAAAAAAAAAAAAAA (16 A’s), the extra 8 characters go beyond the intended memory space, overflowing into other parts of memory. Attackers can exploit this to overwrite function return a...

Signature Based Detection.

What is signature-based detection? Signature-based detection matches known patterns (signatures) against observed artefacts (files, network traffic, logs). It’s the classic approach used by AV, IDS/IPS (Snort/Suricata), email gateways, and many EDR rules. Signatures can be exact matches (file hash), pattern matches (byte sequence), structural rules (YARA), or behavioral/log patterns (SIEM rules). Common signature types: File hashes (exact-match signatures): MD5, SHA-1, SHA-256 (and SHA-512). Used to uniquely identify a file binary or sample. Fast to compute, cheap to compare. Recommendation: use SHA-256 for new work (collision resistance and wide adoption). MD5/SHA-1 are weak for cryptographic guarantees but still used as legacy identifiers. Fuzzy/similarity hashes: ssdeep (context triggered piecewise hashing) measures similarity between files and is useful for variants (packing, minor edits). TLSH (Trend Micro Locality Sensitive Hash) is another similarity hash...

Simplified Firewall lab using UFW

🖥️ Firewall Lab. Firewalls are one of the most fundamental components in network security. They act as a protective barrier between your system and the outside world, controlling which connections are allowed in or out. In cybersecurity, understanding how to configure and manage a firewall is an essential skill for defending systems from unauthorized access and attacks. UFW (Uncomplicated Firewall) is a user-friendly command-line interface for managing firewall rules on Linux systems, particularly those that use iptables underneath (like Ubuntu, Debian, and Kali Linux). It simplifies complex firewall commands into readable and straightforward syntax. With UFW you can quickly implement network protection without needing to memorize intricate iptables rules. This simplified lab provides a basic hands-on introduction to using UFW to secure a Linux system. You’ll learn how to: enable and manage UFW; allow or deny traffic on specific ports; set up default policies ...

Red Team Hands-On Lab: Bruteforce attack admin portal.

Bruteforce attack admin portal. Introduction: A Red Team hands-on lab for brute-forcing an admin portal is a controlled exercise that simulates an attacker testing weak credentials, account lockout policies, MFA implementation, and logging/alerting. Set up an isolated test environment (or a purposely vulnerable app), seed it with varied user accounts and passwords, and capture telemetry so you can observe how defenses respond; use tools like Burp Intruder or Hydra with slow, measured attacks (or password-spraying techniques) while avoiding harm, validate success signatures on test accounts, and document every step and finding so defenders can tune rate limits, anomaly detection, and incident response; and always run these exercises only with explicit written authorization. In this blog we will make use of nmap, hydra, and docker/docker compose to simulate our exercise. We first need to set up the vulnerable app using docker in our Ubuntu VM. Make sure to check the docker docs if you don't have i...