tryhackme

  • TryHackMe Walkthrough – Incident Response – Identification & Scoping

    Preparation is the first room in the Incident Response learning path within the TryHackMe learning platform. The learning path consist of the following rooms: In this post I will be walking through Identification & Scoping. Task 1: Introduction Question 1: No answer needed. Task 2: Identification: Unearthing the Existence of a Security Incident Question 1:

    read more

  • TryHackMe Walkthrough – Incident Response – Preparation

    Preparation is the first room in the Incident Response learning path within the TryHackMe learning platform. The learning path consist of the following rooms: In this post I will walkthrough the Preparation room. Task 1: Introduction Question 1: No answer needed Task 2: Incident Response Capability Question 1: What is an observed occurrence within a

    read more

  • TryHackMe – SOC Level 1 Path Complete!

    In this post I’d like to talk a bit about TryHackMe and my experience working through the SOC Level 1 learning path. TryHackMe is a learning platform that sends users to virtual machines (VM) they can access through their web browser. Extremely low barrier to entry! Absolutely no previous knowledge is required. I’m not sponsored

    read more

  • TryHackMe Walkthrough – The Greenholt Phish

    Task 1: Just another day as a SOC analyst Only one task for this room. Question 1: What date was the email received? (answer format: M/DD/YY) I opened the email in Thunderbird. Answer: 6/10/20 Question 2: Who is the email from? In the From… Answer: Mr. James Jackson Question 3: What is his email address?

    read more

  • TryHackMe Walkthrough – Phishing Prevention

    Task 1: Introduction Question 1: After visiting the link in the task, what is the MITRE ID for the “Software Configuration” mitigation technique? Follow the link to https://attack.mitre.org/techniques/T1598/#mitigations. Look for Software Configuration and the ID is there. Answer: M1054 Task 2: SPF (Sender Policy Framework Question 1: Referencing the dmarcian SPF syntax table, what prefix character

    read more

  • TryHackMe Walkthrough – Phishing Analysis Tools

    Task 1: Introduction Question 1: No answer needed Task 2: What information should we collect? Question 1: No answer needed Task 3: Email header analysis Question 1: What is the official site name of the bank that capitai-one.com tried to resemble? This should be self-explanatory, google capitol one to see what their domain is. Answer:

    read more

  • TryHackMe Walkthrough – Phishing Emails in Action

    Task 1: Introduction Question 1: No answer needed Task 2: Cancel your PayPal order Question 1: What phrase does the gibberish sender email start with? This answer is in the reading. Look at the email address highlighted with a red circle 2. Answer: noreply

    read more

  • TryHackMe Walkthrough – Phishing Analysis Fundamentals

    Task 1: Introduction Question 1: No answer needed. Task 2: The Email Address Question 1: Email dates back to what time frame? Answer is in the reading. Second paragraph. Answer: 1970s

    read more

  • TryHackMe – Intro to Malware Analysis Walkthrough

    In this walkthrough we will go step by step to answer the questions. Task 1: Introduction No questions here, so let’s keep moving. Task 2: Malware Analysis Question: Which team uses malware analysis to look for IOCs and hunt for malware in a network? The answer can be found in the reading in “The purpose

    read more

  • TryHackMe – TheHive Project Walkthrough

    Task 1 & 2 are easy “I read this” ones, so let’s skip to… Task 3 Question 1: Which open-source platform supports the analysis of observables within TheHive? In the reading under “Observable Enrichment with Cortex” bullet it explains that One of the main feature integrations TheHive supports is Cortex Answer: Cortex

    read more