This repository contains my personal write-ups from the SEC504 Ranges.io Capture the Flag (CTF), completed as part of my preparation for the GIAC Certified Incident Handler (GCIH) certification.
Unlike a simple “answer key,” these walkthroughs are written to capture my thought process, the challenges I faced, and the realistic problem-solving steps I used. My goal was to document this experience in a way that demonstrates not only the solutions but also the mindset and technical depth required in real-world incident response.
- Step-by-step walkthroughs written in a narrative style — how I was thinking while trying to solve each challenge.
- Hands-on techniques including reconnaissance, enumeration, fuzzing, and web exploitation.
- Realistic obstacles and dead-ends I encountered, and how I adapted to overcome them.
- Tools in action: `ffuf`, `nmap`, shell scripting, Python, CyberChef, and manual browser analysis, etc.
- Flags and answers are hidden by default using expandable sections (`<details>` in Markdown), so readers can test themselves before revealing solutions.
By working through these challenges, I showcased key incident handling and penetration testing skills:
- Web Exploitation → XSS, SQL Injection testing, URL tampering, logic flaw exploitation
- Fuzzing & Automation → Using `ffuf`, Bash, and Python to enumerate hidden resources
- OSINT & Reconnaissance → Leveraging open-source intelligence tools and search strategies
- Incident Handling Mindset → Careful documentation, iterative testing, and adapting when the “obvious” solution failed
These skills directly translate into SOC analysis, penetration testing, and threat hunting roles, where methodical reasoning is just as important as technical execution.
I created this repository as both a study aid and a professional showcase:
- For students → It provides a clear example of how to go beyond simply “finding flags” and instead demonstrate deep technical reasoning.
- For employers → It reflects my ability to document investigations, analyze systems under pressure, and communicate findings clearly — the same skills I bring to incident handling and cybersecurity operations.
If you’d like to discuss my work, incident response methodologies, or cybersecurity in general, feel free to reach out:
- LinkedIn: [https://www.linkedin.com/in/xerckmercado]
- Email: [xerckiem.mercado@student.sans.edu]
✨ Whether you’re here to learn, compare strategies, or evaluate my skillset — I hope you enjoy reading through these walkthroughs as much as I enjoyed solving and documenting them.