Posts

Showing posts from October 19, 2025

Hashcat LAB

Hashcat

Hashcat is a high-performance, open-source password-recovery / password-cracking framework designed to generate candidate passwords, compute their hashes with many algorithms, and compare those results against target hashes very quickly. It combines CPU and GPU acceleration, a powerful rule/mutation engine, multiple attack modes, utilities for large-scale cracking, and features for resuming and organizing work. Hashcat is widely used by security professionals for password auditing, forensic recovery of legitimately owned credentials, and research; it is also a dual-use tool that can be abused if run without explicit authorization. When a system stores passwords it usually stores a hash (and often a salt) rather than the plaintext password. Hashcat's job is to attempt to discover the original plaintext that produced that stored hash by: Generating candidate passwords according to an attack strategy (wordlists, rules, masks, combinatorics, PRINCE generator, etc.). ...
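To make the generate / hash / compare loop concrete, here is a small cracker written for this post (it is an added illustration, not hashcat's code and not a substitute for it). It does, in miniature, what hashcat's wordlist-plus-rules attack (-a 0 -r) and mask attack (-a 3) do: the rules, wordlist, salted-SHA-256 "shadow" entries and the user names are all constructed for the example.

```python
import hashlib
import itertools

# Salted SHA-256 in "salt$hexdigest" form stands in for a real hash type here;
# hashcat would be given the equivalent mode number for the target format.
def make_hash(password: str, salt: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Constructed targets for this example (not real credential material).
TARGETS = {
    "alice": "k3Q9$" + make_hash("Winter2025!", "k3Q9"),
    "bob":   "z7aB$" + make_hash("p@ssw0rd", "z7aB"),
    "carol": "m1Xc$" + make_hash("correcthorse", "m1Xc"),
    "pin":   "0000$" + make_hash("4821", "0000"),
}

# A tiny wordlist; hashcat would read rockyou.txt or similar.
WORDLIST = ["winter", "password", "letmein", "dragon"]

# Mutation rules in the spirit of hashcat's rule engine (-r rules/best64.rule).
LEET = str.maketrans({"a": "@", "o": "0", "e": "3"})

def rule_capitalize(word):
    yield word.capitalize()

def rule_leet(word):
    yield word.translate(LEET)

def rule_append_year(word):
    for year in ("2024", "2025"):
        yield word + year

def rule_append_symbol(word):
    for sym in "!?":
        yield word + sym

RULES = [rule_capitalize, rule_leet, rule_append_year, rule_append_symbol]

def candidates(words, rules, depth=3):
    """Yield every base word and every chain of up to `depth` rule applications,
    deduplicated (straight wordlist attack plus rules, hashcat -a 0 -r)."""
    seen = set()
    for word in words:
        frontier = [word]
        for _ in range(depth + 1):
            next_frontier = []
            for cand in frontier:
                if cand not in seen:
                    seen.add(cand)
                    yield cand
                for rule in rules:
                    next_frontier.extend(rule(cand))
            frontier = next_frontier

def mask_candidates(mask):
    """Expand a hashcat-style mask (?l lowercase, ?d digit, literal otherwise),
    i.e. a brute-force/mask attack (hashcat -a 3)."""
    charsets = {"l": "abcdefghijklmnopqrstuvwxyz", "d": "0123456789"}
    positions = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            positions.append(charsets[mask[i + 1]])
            i += 2
        else:
            positions.append(mask[i])
            i += 1
    for combo in itertools.product(*positions):
        yield "".join(combo)

def crack(targets, candidate_iter):
    """Hash each candidate with every outstanding target's salt and compare.
    Returns {user: plaintext} for the hashes that were recovered."""
    cracked = {}
    remaining = dict(targets)
    for cand in candidate_iter:
        for user, stored in list(remaining.items()):
            salt, digest = stored.split("$", 1)
            if make_hash(cand, salt) == digest:
                cracked[user] = cand
                del remaining[user]
        if not remaining:
            break
    return cracked

def run():
    """Wordlist+rules pass first, then a 4-digit mask pass for the PIN target."""
    by_rules = crack(TARGETS, candidates(WORDLIST, RULES))
    by_mask = crack({"pin": TARGETS["pin"]}, mask_candidates("?d?d?d?d"))
    return by_rules, by_mask

if __name__ == "__main__":
    print(run())
```

Two things worth noticing when you run it: the salt forces one hash computation per candidate per target (which is exactly why unsalted hashes crack so much faster), and "correcthorse" survives because no rule chain derives it from the wordlist, while a 4-digit PIN falls to the mask in at most 10,000 guesses.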

CyberChef LAB

CyberChef

CyberChef, "The Cyber Swiss Army Knife", is a web application created by GCHQ for performing complex data operations through a simple, modular interface. CyberChef allows you to: drag and drop operations (such as "Base64 Decode", "XOR", "Extract URLs") into a recipe; instantly see results as you manipulate data; and automate common tasks used in malware analysis, threat hunting, OSINT, or forensics.

Static Malware Analysis Lab

Static Malware Analysis is the process of examining malicious files or programs without running them. It focuses on analyzing the malware's structure, code, and metadata to understand its functionality in a safe environment. Analysts inspect attributes such as file headers, hashes, strings, and imported libraries to identify indicators of compromise, detect obfuscation, and infer what the malware is designed to do. Tools like strings, PEiD, Ghidra, and IDA Pro are commonly used to extract readable text, view assembly code, and analyze binary structures for signs of malicious intent. Unlike dynamic analysis, static analysis does not reveal real-time behavior, but it provides a fast and risk-free way to study the malware's potential actions. It helps analysts classify threats, develop detection signatures, and determine whether the file belongs to a known malware family. However, it has limitations: packed, encrypted, or obfuscated samples can hide their true purpose, requiring deeper reverse...
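The first pass of a static triage (hashes, strings, PE header, a packing check) can be scripted, and seeing it as code makes the "headers, hashes, strings" list above less abstract. The script below is an added example for this post, not the output of any of the tools named above. It builds its own minimal PE-shaped blob (two section headers, a fake .text with import-like strings and a made-up .test C2 URL, and a high-entropy "UPX1" section) so it runs offline; the blob is constructed and is not a real executable.

```python
import hashlib
import math
import re
import struct

def build_sample_pe() -> bytes:
    """Construct a minimal PE-shaped blob for this example: DOS header, PE
    signature, COFF header, two section headers and their raw data. It is not
    a runnable executable; its job is to give the parser something realistic."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    # Machine=0x8664 (x64), 2 sections, timestamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader=0 (omitted in this toy), Characteristics.
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0x67000000, 0, 0, 0, 0x0022)
    text = (b"\x55\x48\x89\xE5"
            + b"http://example.test/c2\x00LoadLibraryA\x00GetProcAddress\x00kernel32.dll\x00"
            + b"\x00" * 8)
    # Every byte value exactly twice: entropy 8.0 bits/byte, as packed/encrypted data looks.
    packed = bytes((i * 7919 + 13) % 256 for i in range(512))
    headers_end = e_lfanew + 4 + 20 + 2 * 40

    def section(name, vaddr, raw, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), rawptr, 0, 0, 0, 0, flags)

    sections = (section(b".text", 0x1000, text, headers_end, 0x60000020)
                + section(b"UPX1", 0x2000, packed, headers_end + len(text), 0xE0000040))
    return dos + b"PE\x00\x00" + coff + sections + text + packed

def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable-ASCII runs, what `strings -n 4` would print."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; near 8.0 suggests packing or encryption."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000

def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    off = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsect):
        name, _, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\x00").decode(), "vaddr": vaddr, "size": rawsize,
                         "entropy": round(entropy(raw), 2), "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE)})
    return {"machine": MACHINES.get(machine, hex(machine)), "timestamp": timestamp, "sections": sections}

def triage(data: bytes) -> dict:
    """Hashes for lookup, strings for quick IOCs, section entropy/names for packing."""
    pe = parse_pe(data)
    strings = extract_strings(data)
    iocs = [s for s in strings if s.startswith(("http://", "https://")) or s.lower().endswith(".dll")]
    packed = [s["name"] for s in pe["sections"] if s["entropy"] > 7.0 or s["name"].startswith("UPX")]
    return {"hashes": file_hashes(data), "machine": pe["machine"], "sections": pe["sections"],
            "strings": strings, "iocs": iocs, "suspected_packed": packed}

if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

The entropy column is the check worth keeping: a section that reads as near-random (above roughly 7 bits/byte) is what a packed or encrypted sample looks like, and it is the signal that static analysis alone will not get further without unpacking.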

Packet Sniffing Lab - Made easy.

Wireshark

Wireshark is one of the most powerful, widely used, and respected network protocol analyzers in the world. It is a free, open-source tool that lets you capture, inspect, and analyze data packets as they move through a network in real time, rather like putting a microscope on the traffic flowing through your computer or your entire network. When data travels over a network it does not move as one big chunk; it is split into small packets. Each packet contains a piece of data (part of an email, a file, or a web request) and metadata (source and destination IP addresses, the protocols used, and so on). Wireshark captures these packets and shows their contents in an extremely detailed and structured way. You can see: the source and destination of every packet; which protocol it used (HTTP, TCP, UDP, ARP, DNS, etc.); the exact data payload being transferred; the timing of each packet (latency, retransmissions, etc.); and even reconstruct entire conversations (...
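What Wireshark's detail pane does for a single frame is peel the headers off one layer at a time, and writing that by hand is the quickest way to understand what the fields mean. The dissector below is an added example for this post, not Wireshark code; it builds one Ethernet / IPv4 / UDP / DNS query frame itself (addresses, MACs and the example.test name are all made up) so it runs with no capture interface, and it verifies the IPv4 header checksum the way Wireshark can when that check is enabled.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; over a header that includes a valid
    checksum field the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_dns_query_frame() -> bytes:
    """Construct one frame for the example: Ethernet II / IPv4 / UDP / DNS
    standard query for example.test (addresses are made up)."""
    qname = b"".join(bytes([len(p)]) + p for p in b"example.test".split(b".")) + b"\x00"
    dns = struct.pack(">HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    udp = struct.pack(">HHHH", 54321, 53, 8 + len(dns), 0) + dns   # UDP checksum 0 = absent
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([8, 8, 8, 8]))
    ip = ip[:10] + struct.pack(">H", ipv4_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack(">H", 0x0800)
    return eth + ip + udp

def read_dns_name(msg: bytes, off: int):
    """Decode a label sequence, following compression pointers (RFC 1035 4.1.4)."""
    labels = []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:
            pointer = ((length & 0x3F) << 8) | msg[off]
            labels.append(read_dns_name(msg, pointer)[0])
            off += 1
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), off

QTYPES = {1: "A", 28: "AAAA", 5: "CNAME", 16: "TXT"}

def dissect(frame: bytes) -> dict:
    """Peel the layers the way Wireshark's detail pane does."""
    layers = {}
    dst, src, ethertype = struct.unpack(">6s6sH", frame[:14])
    layers["eth"] = {"src": src.hex(":"), "dst": dst.hex(":"), "type": ethertype}
    if ethertype != 0x0800:
        return layers
    ip = frame[14:]
    vihl, _, total_len, ident, _, ttl, proto, _, s, d = struct.unpack(">BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4
    layers["ip"] = {"src": ".".join(map(str, s)), "dst": ".".join(map(str, d)), "ttl": ttl,
                    "proto": proto, "id": ident, "checksum_ok": ipv4_checksum(ip[:ihl]) == 0}
    if proto != 17:
        return layers
    sport, dport, ulen, _ = struct.unpack(">HHHH", ip[ihl:ihl + 8])
    payload = ip[ihl + 8:ihl + ulen]
    layers["udp"] = {"sport": sport, "dport": dport, "len": ulen}
    if 53 in (sport, dport):
        txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", payload[:12])
        qname, off = read_dns_name(payload, 12)
        qtype, _ = struct.unpack_from(">HH", payload, off)
        layers["dns"] = {"txid": txid, "is_response": bool(flags & 0x8000), "questions": qdcount,
                         "answers": ancount, "qname": qname, "qtype": QTYPES.get(qtype, qtype)}
    return layers

def summary(frame: bytes) -> str:
    """One line per packet, like Wireshark's packet-list pane."""
    p = dissect(frame)
    if "dns" in p:
        kind = "Standard query response" if p["dns"]["is_response"] else "Standard query"
        return "%s -> %s DNS %s 0x%04x %s %s" % (p["ip"]["src"], p["ip"]["dst"], kind,
                                                 p["dns"]["txid"], p["dns"]["qtype"], p["dns"]["qname"])
    if "ip" in p:
        return "%s -> %s proto %d" % (p["ip"]["src"], p["ip"]["dst"], p["ip"]["proto"])
    return "%s -> %s ethertype 0x%04x" % (p["eth"]["src"], p["eth"]["dst"], p["eth"]["type"])

if __name__ == "__main__":
    print(summary(build_dns_query_frame()))
```

Note that UDP over IPv4 is allowed to carry a zero (absent) checksum, which is why the builder leaves it at 0, whereas the IPv4 header checksum is mandatory and a dissector can validate it; a mismatch there usually means checksum offloading on the capturing NIC rather than corruption on the wire.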

Exploit Lab - Simplified Buffer Overflow simulation

Buffer Overflow - Simplified

A buffer overflow is a software vulnerability that occurs when a program writes more data to a buffer (a temporary data storage area in memory, usually a variable) than it can hold. A buffer is a fixed-size block of memory used to store data temporarily (user input, strings, file contents). When a program does not check the size of the input before copying it into the buffer, the extra data "overflows" into adjacent memory locations. This can corrupt data or crash the program, and it can allow an attacker to execute malicious code after overflowing the buffer. Example: let's say a program allocates a buffer for 8 characters: char buffer[8]; gets(buffer); // reads user input. If the user enters AAAAAAAAAAAAAAAA (16 A's), the extra 8 characters (plus the terminating NUL that gets() always writes, so nine bytes in all) go beyond the intended memory space, overflowing into other parts of memory. Attackers can exploit this to: Overwrite function return a...
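Since the post's title promises a simulation, here is one written for it in Python (an added example, not the post's own C program): the stack frame of char buffer[8] is modelled as a 32-byte array with a canary, a saved frame pointer and a return address laid out after the buffer, and a gets()-like copy is run next to an fgets()-like one. The canary, saved-rbp and return-address values are made up for the example, and the layout is a simplification of what a compiler actually emits.

```python
import struct

BUF_SIZE = 8
CANARY = 0x5AA512340FF0C0DE          # made-up value; real canaries are random per process
SAVED_RBP = 0x7FFFFFFFE010            # made-up
ORIGINAL_RET = 0x00000000004011D6     # made-up address in the caller

def new_frame() -> bytearray:
    """Model the stack frame of `char buffer[8]` as contiguous bytes:
    [ buffer 8 ][ canary 8 ][ saved rbp 8 ][ return address 8 ]  (low -> high addresses).
    On a real x86-64 the compiler decides the layout; this is a simplification."""
    frame = bytearray(4 * 8)
    struct.pack_into("<QQQ", frame, BUF_SIZE, CANARY, SAVED_RBP, ORIGINAL_RET)
    return frame

def gets_like(frame: bytearray, line: bytes) -> None:
    """gets(buffer): copies the whole line plus a NUL, never checking the size.
    Our model stops at the end of the 32-byte frame; a real process keeps writing."""
    data = line + b"\x00"
    n = min(len(data), len(frame))
    frame[0:n] = data[:n]

def fgets_like(frame: bytearray, line: bytes, size: int = BUF_SIZE) -> None:
    """fgets(buffer, sizeof buffer, stdin): at most size-1 bytes plus a NUL."""
    data = line[:size - 1] + b"\x00"
    frame[0:len(data)] = data

def inspect(frame: bytearray) -> dict:
    canary, rbp, ret = struct.unpack_from("<QQQ", frame, BUF_SIZE)
    return {"buffer": bytes(frame[:BUF_SIZE]), "canary_intact": canary == CANARY,
            "saved_rbp": rbp, "ret": ret}

def epilogue(frame: bytearray) -> int:
    """What a stack-protector epilogue does: abort if the canary changed,
    otherwise hand back the address the CPU would `ret` to."""
    state = inspect(frame)
    if not state["canary_intact"]:
        raise RuntimeError("*** stack smashing detected ***")
    return state["ret"]

def make_payload(target_ret: int) -> bytes:
    """Classic overwrite: fill buffer, canary and saved rbp, then the new return address."""
    return b"A" * (3 * BUF_SIZE) + struct.pack("<Q", target_ret)

def run_unsafe(line: bytes) -> dict:
    frame = new_frame()
    gets_like(frame, line)
    return inspect(frame)

def run_safe(line: bytes) -> dict:
    frame = new_frame()
    fgets_like(frame, line)
    return inspect(frame)

if __name__ == "__main__":
    print(run_unsafe(b"A" * 16))
    print(run_unsafe(make_payload(0x4141414141414141)))
    print(run_safe(make_payload(0x4141414141414141)))
```

Two details the simulation makes visible: an input of exactly 8 characters already overflows by one byte (the NUL), and a payload that reaches the return address necessarily tramples the canary on the way, which is precisely why stack protectors catch the classic linear overwrite.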

Signature Based Detection.

What is signature-based detection?

Signature-based detection matches known patterns (signatures) against observed artefacts (files, network traffic, logs). It is the classic approach used by AV, IDS/IPS (Snort/Suricata), email gateways, and many EDR rules. Signatures can be exact matches (file hash), pattern matches (byte sequence), structural rules (YARA), or behavioral/log patterns (SIEM rules). Common signature types: File hashes (exact-match signatures): MD5, SHA-1, SHA-256 (and SHA-512). Used to uniquely identify a file, binary, or sample. Fast to compute, cheap to compare. Recommendation: use SHA-256 for new work (collision resistance and wide adoption). MD5 and SHA-1 are broken for collision resistance (two different files with the same digest can be manufactured), so they are kept only as legacy identifiers and a match on them is not proof that two files are identical. Fuzzy / similarity hashes: ssdeep (context-triggered piecewise hashing) measures similarity between files and is useful for variants (packing, minor edits). TLSH (Trend Micro Locality Sensitive Hash) is another similarity hash...
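The three signature types listed above behave very differently when a sample is edited, and the difference is the whole argument for layering them. The script below is an added example for this post (not YARA, ssdeep or any vendor engine): it runs an exact SHA-256 match, a YARA-style hex pattern with a ?? wildcard, and a byte n-gram similarity score that stands in for the idea behind ssdeep/TLSH, over three constructed blobs: a "known bad" file, the same file with one byte changed, and an unrelated benign one. The rule names and the "Dropper.A" label are made up.

```python
import hashlib
import re

def build_samples():
    """Constructed for this example: a 'known bad' blob, a variant with one
    byte changed, and an unrelated benign blob."""
    known_bad = (b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"
                 + b"This program cannot be run in DOS mode" + b"\x00" * 16
                 + b"cmd.exe /c powershell -enc " + b"A" * 64 + b"\x00" * 32)
    variant = bytearray(known_bad)
    variant[160] = ord("B")            # e.g. an edited config byte, as a repack would do
    benign = bytes(range(256)) * 2
    return known_bad, bytes(variant), benign

def compile_hex_pattern(pattern: str):
    """Turn a YARA-style hex string such as '{ 4D 5A ?? ?? 50 45 }' into a regex
    over bytes; '??' is a one-byte wildcard."""
    parts = []
    for tok in pattern.strip("{} \n").split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

def ngram_similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of byte n-gram sets. A toy stand-in for the idea behind
    ssdeep/TLSH: small edits leave most of the file's fingerprint intact."""
    grams_a = {a[i:i + n] for i in range(len(a) - n + 1)}
    grams_b = {b[i:i + n] for i in range(len(b) - n + 1)}
    return len(grams_a & grams_b) / len(grams_a | grams_b)

def scan(sample: bytes, hash_blocklist: dict, patterns: dict, references: dict,
         threshold: float = 0.8) -> list:
    """Apply the three signature types and return every rule that fired."""
    hits = []
    digest = hashlib.sha256(sample).hexdigest()
    if digest in hash_blocklist:
        hits.append(("hash", hash_blocklist[digest]))
    for name, regex in patterns.items():
        if regex.search(sample):
            hits.append(("pattern", name))
    for name, ref in references.items():
        sim = ngram_similarity(sample, ref)
        if sim >= threshold:
            hits.append(("similar", name, round(sim, 2)))
    return hits

def demo() -> dict:
    known_bad, variant, benign = build_samples()
    hash_blocklist = {hashlib.sha256(known_bad).hexdigest(): "Dropper.A"}
    patterns = {"cmd_powershell_launcher":
                compile_hex_pattern("{ 63 6D 64 2E 65 78 65 20 2F ?? 20 70 6F 77 65 72 73 68 65 6C 6C }")}
    references = {"Dropper.A": known_bad}
    return {name: scan(blob, hash_blocklist, patterns, references)
            for name, blob in (("known_bad", known_bad), ("variant", variant), ("benign", benign))}

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

The one-byte variant is the case to look at: the hash signature goes silent, the byte pattern still fires because the launcher string was not what changed, and the similarity score stays above 0.9. That is the trade-off in practice: exact hashes are cheap and never false-positive, patterns and fuzzy hashes survive trivial repacking but need a threshold that you tune against your own false-positive budget.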

Simplified Firewall lab using UFW

🖥️ Firewall Lab

Firewalls are one of the most fundamental components in network security. They act as a protective barrier between your system and the outside world, controlling which connections are allowed in or out. In cybersecurity, knowing how to configure and manage a firewall is an essential skill for defending systems from unauthorized access and attacks. UFW (Uncomplicated Firewall) is a user-friendly command-line front end for managing firewall rules on Linux systems that use iptables underneath, such as Ubuntu, Debian, and Kali Linux. It turns intricate iptables commands into readable, straightforward syntax, so you can put basic network protection in place without memorizing iptables rules. This simplified lab provides a basic hands-on introduction to using UFW to secure a Linux system. You'll learn how to: enable and manage UFW; allow or deny traffic on specific ports; set up default policies ...

Red Team Hands-On Lab: Bruteforce attack admin portal.

Bruteforce attack admin portal

Introduction

A Red Team hands-on lab for brute-forcing an admin portal is a controlled exercise that simulates an attacker testing weak credentials, account lockout policies, MFA implementation, and logging/alerting. Set up an isolated test environment (or a purposely vulnerable app), seed it with varied user accounts and passwords, and capture telemetry so you can observe how the defenses respond. Use tools like Burp Intruder or Hydra with slow, measured attacks (or password-spraying techniques) while avoiding harm, validate success signatures against test accounts, and document every step and finding so defenders can tune rate limits, anomaly detection, and incident response. Always run these exercises only with explicit written authorization. In this blog we will make use of nmap, hydra, and docker/docker compose to simulate our exercise. We first need to set up the vulnerable app using docker in our Ubuntu VM. Make sure to check the docker docs if you don't have i...
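Before reaching for hydra it helps to see why the introduction distinguishes a straight brute force from password spraying, and what the lockout policy and the logging do to each. The simulation below is an added example for this post, not the lab's docker app or hydra: a toy portal with a five-failure lockout and an auth log, a hydra-style single-account attack, a spray that tries one password across every account per round, and a SIEM-style rule over the log. The seeded accounts, passwords, the 203.0.113.5 source address and the thresholds are all constructed for the example.

```python
import hashlib
import hmac
from collections import defaultdict

MAX_FAILURES = 5          # failures before the account locks
LOCKOUT_SECONDS = 900

class FakeClock:
    """Simulated time so the example runs instantly and deterministically."""
    def __init__(self):
        self.now = 0
    def __call__(self) -> int:
        return self.now
    def advance(self, seconds: int) -> None:
        self.now += seconds

class Portal:
    """Toy admin portal with per-account lockout and an auth log. Constructed for
    this example; passwords are stored as plain SHA-256 only to keep it short."""
    def __init__(self, accounts: dict, clock):
        self.pw_hash = {u: hashlib.sha256(p.encode()).hexdigest() for u, p in accounts.items()}
        self.failures = defaultdict(int)
        self.locked_until = {}
        self.clock = clock
        self.log = []           # (time, src_ip, user, outcome)

    def login(self, user: str, password: str, src_ip: str) -> str:
        now = self.clock()
        if self.locked_until.get(user, 0) > now:
            self.log.append((now, src_ip, user, "locked"))
            return "locked"
        candidate = hashlib.sha256(password.encode()).hexdigest()
        if user in self.pw_hash and hmac.compare_digest(self.pw_hash[user], candidate):
            self.failures[user] = 0
            self.log.append((now, src_ip, user, "success"))
            return "success"
        self.failures[user] += 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
        self.log.append((now, src_ip, user, "failure"))
        return "failure"

def brute_force(portal, clock, user, wordlist, src_ip="203.0.113.5"):
    """Hydra-style: many passwords against one account, one attempt per second."""
    for pw in wordlist:
        outcome = portal.login(user, pw, src_ip)
        clock.advance(1)
        if outcome == "success":
            return pw
    return None

def password_spray(portal, clock, users, passwords, delay, src_ip="203.0.113.5"):
    """One password against every account per round, then wait `delay` seconds:
    each account sees only one failure per round, so per-account lockout never trips."""
    hits = {}
    for pw in passwords:
        for user in users:
            if portal.login(user, pw, src_ip) == "success":
                hits[user] = pw
        clock.advance(delay)
    return hits

def detect_spray(log, window=600, min_accounts=5):
    """SIEM-style rule: one source IP with non-success outcomes against at least
    `min_accounts` distinct accounts inside `window` seconds."""
    by_ip = defaultdict(list)
    for t, ip, user, outcome in log:
        if outcome != "success":
            by_ip[ip].append((t, user))
    alerts = []
    for ip, events in by_ip.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            accounts = {u for t, u in events[i:] if t - t0 <= window}
            if len(accounts) >= min_accounts:
                alerts.append(ip)
                break
    return alerts

# Seeded test accounts for the lab (constructed; two share a weak password).
ACCOUNTS = {"admin": "Winter2025!", "jdoe": "Summer2025!", "asmith": "Welcome1",
            "bchan": "xK9#vq2$Lp", "ops": "Welcome1"}

def scenario() -> dict:
    clock = FakeClock()
    portal = Portal(ACCOUNTS, clock)
    bf = brute_force(portal, clock, "admin",
                     ["123456", "password", "admin", "letmein", "qwerty", "Winter2025!"])
    spray = password_spray(portal, clock, list(ACCOUNTS), ["Welcome1", "Summer2025!"], delay=300)
    return {"brute_force": bf, "admin_locked": portal.locked_until.get("admin", 0) > clock(),
            "spray": spray, "alerts": detect_spray(portal.log)}

if __name__ == "__main__":
    print(scenario())
```

The run shows both halves of the lesson: the brute force locks admin before its sixth guess, so even the correct password is refused, while the spray takes three accounts without ever tripping the per-account counter. On the defender's side the account-count rule catches the spray at a 300-second cadence, but the same attacker with a delay longer than the rule's window slips under it, which is the reason spray detection needs to key on the source (or on failures across the whole tenant) rather than on any one account.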