Liam Smydo

Welcome 👋

Hi, I’m Liam. This site contains my various cybersecurity projects, CTF write-ups, and labs, including detailed technical write-ups and different resources I find useful. Below, you’ll find some of my recent projects and CTF write-ups.

TryHackMe: Ledger

Hard Active Directory box exploiting anonymous LDAP access and AD CS ESC1 misconfiguration

January 22, 2026 · 8 min · 1698 words · Liam Smydo

TryHackMe: Stealth

Medium difficulty defense evasion box featuring a scheduled task privilege escalation vector

January 22, 2026 · 3 min · 601 words · Liam Smydo

When Antivirus Fails: Detecting C2 Activity with Wazuh and Security Onion

In this project, I executed a custom, low profile mTLS C2 beacon on a fully patched Windows 11 endpoint that did not trigger Windows Defender. I then examined how this activity appeared across endpoint telemetry in Wazuh and network telemetry in Security Onion.

January 6, 2026 · 6 min · 1174 words · Liam Smydo

Assumed Breach SOC Lab: Internal RDP Brute Force, Active Directory Recon, and Wazuh Detection

December 9, 2025 · 4 min · 660 words · Liam Smydo