Tag: Incident Response

  • TryHackMe Walkthrough – Incident Response – Identification & Scoping

    Preparation is the first room in the Incident Response learning path within the TryHackMe learning platform.

    The learning path consists of the following rooms:

    • Preparation
    • Identification & Scoping
    • Threat Intel & Containment
    • Eradication & Remediation
    • Lessons Learned
    • Tardigrade

    In this post I will be walking through Identification & Scoping.

    Task 1: Introduction

    Question 1: No answer needed.

    Task 2: Identification: Unearthing the Existence of a Security Incident

    Question 1: What is the Subject of Ticket#2023012398704232?

    Follow the directions in the reading to dismiss all the Windows Office warnings. Once Outlook opens on the VM, scroll down the inbox to the first message from John Sterling; that is the one with the ticket number from the question. In the message thread, scroll to the first message and you will see the ticket information, including the subject.

    Answer: weird error in outlook

  • TryHackMe Walkthrough – Incident Response – Preparation

    Preparation is the first room in the Incident Response learning path within the TryHackMe learning platform.

    The learning path consists of the following rooms:

    • Preparation
    • Identification & Scoping
    • Threat Intel & Containment
    • Eradication & Remediation
    • Lessons Learned
    • Tardigrade

    In this post I will walk through the Preparation room.

    Task 1: Introduction

    Question 1: No answer needed.

    Task 2: Incident Response Capability

    Question 1: What is an observed occurrence within a system?

    The answer is in the reading. Look at the first bullets in this task.

    Answer: Event

    Question 2: What is described as a violation of security policies and practices?

    This answer is also in the reading, in the same place as question 1.

    Answer: Incident
