Cybercamp_MY_2023_Sharing

A Fun Recap of My Time at MCC 2023

Hey everyone! 🌟 Can’t believe it’s already been a while since the amazing MCC 2023, which took place on 08/12/2023. I’ve finally found some time to share my experiences with you, fresh off my internship. MCC 2023 was a blast, and it was a fantastic opportunity to connect with fellow Malaysian students who are just as passionate about cybersecurity as I am. The event was a four-day extravaganza (08/12/2023 - 11/12/2023) held at the lovely Thistle Resort in Port Dickson.

Day 1:A Late Arrival but a Warm Welcome

Guess who was the last to arrive? Yep, that’d be me, rolling in at around 10 pm. Work commitments meant I couldn’t get away earlier. Initially, I felt a bit out of the loop, especially since I missed the initial networking and recruitment tips session. But, no worries! The participants and crew were super welcoming and helped me settle in despite my late arrival. 😊

Day 2: Diving Deep into Nmap

The next day was super informative. I attended the “Cosmology beyond Nmap” talk by the brilliant masta ghimau. He delved deep into the nmap tool, sharing insights that were totally new to me – like the nuances of installing from source code versus a package manager, sneaky ways to evade old firewalls, and how to craft custom NSE scripts for reverse shell. Mind-blowing stuff!

Day 3: Red Teaming Adventures

Day three was all about Red Teaming and Adversarial Attack Simulation with Shahril and Jani – a topic I’m super excited about! We started by exploring tech identification using wappalyzer, followed by a deep dive into WP scan for WordPress vulnerabilities, leading us to an SQL injection CVE. We then used sqlmap to snag credentials, and things got even more interesting from there – backdoors, privilege escalation, and more! The second session introduced us to Active Directory and tools like netexec, and we got hands-on with Command and Control using sliver.

Day 4: Friendships and Future Plans

The final day was bittersweet. I got to snap photos with new friends and exchange social media contacts. On the way back to Kuala Lumpur, I had an enlightening chat with a participant, Shen, an OSCP holder. He shared his OSCP journey, clearing up my doubts and offering valuable tips for when I take the exam in 2024.

Easter Egg

A cool little surprise at MCC 2023: During registration, I spotted an encrypted text in the Google Form. Decrypting it led me to a TryHackMe room named Morpheus. This challenge was a brain-teaser with its rabbit holes, especially on port 21 (ftp). I navigated a recent CVE for OpenEMR 5.0.1 for RCE, directory brute-forcing for credentials, and a reverse shell leading to sudo privileges. The details are a bit hazy now, but it was a thrilling ride to super user status!

Photos taken with friends

Above blog is generated with the help of GPT XD