tryhackme

  • TryHackMe – SOC Level 1 Path Complete!

    In this post I’d like to talk a bit about TryHackMe and my experience working through the SOC Level 1 learning path. TryHackMe is a learning platform that sends users to virtual machines (VM) they can access through their web browser. Extremely low barrier to entry! Absolutely no previous knowledge is required. I’m not sponsored

  • TryHackMe Walkthrough – The Greenholt Phish

    Task 1: Just another day as a SOC analyst Only one task for this room. Question 1: What date was the email received? (answer format: M/DD/YY) I opened the email in Thunderbird. Answer: 6/10/20 Question 2: Who is the email from? In the From… Answer: Mr. James Jackson Question 3: What is his email address?

  • TryHackMe Walkthrough – Phishing Prevention

    Task 1: Introduction Question 1: After visiting the link in the task, what is the MITRE ID for the “Software Configuration” mitigation technique? Follow the link to https://attack.mitre.org/techniques/T1598/#mitigations. Look for Software Configuration and the ID is there. Answer: M1054 Task 2: SPF (Sender Policy Framework) Question 1: Referencing the dmarcian SPF syntax table, what prefix character

  • TryHackMe Walkthrough – Phishing Analysis Tools

    Task 1: Introduction Question 1: No answer needed Task 2: What information should we collect? Question 1: No answer needed Task 3: Email header analysis Question 1: What is the official site name of the bank that capitai-one.com tried to resemble? This should be self-explanatory; google Capital One to see what their domain is. Answer:

  • TryHackMe Walkthrough – Phishing Emails in Action

    Task 1: Introduction Question 1: No answer needed Task 2: Cancel your PayPal order Question 1: What phrase does the gibberish sender email start with? This answer is in the reading. Look at the email address highlighted with a red circle 2. Answer: noreply

  • TryHackMe Walkthrough – Phishing Analysis Fundamentals

    Task 1: Introduction Question 1: No answer needed. Task 2: The Email Address Question 1: Email dates back to what time frame? Answer is in the reading. Second paragraph. Answer: 1970s

  • TryHackMe – Intro to Malware Analysis Walkthrough

    In this walkthrough we will go step by step to answer the questions. Task 1: Introduction No questions here, so let’s keep moving. Task 2: Malware Analysis Question: Which team uses malware analysis to look for IOCs and hunt for malware in a network? The answer can be found in the reading in “The purpose

  • TryHackMe – TheHive Project Walkthrough

    Task 1 & 2 are easy “I read this” ones, so let’s skip to… Task 3 Question 1: Which open-source platform supports the analysis of observables within TheHive? In the reading, under the “Observable Enrichment with Cortex” bullet, it explains that one of the main feature integrations TheHive supports is Cortex. Answer: Cortex

  • TryHackMe Velociraptor Walk-Through

    First task that has any questions is… Task 2 Question 1: Using the documentation, how would you launch an Instant Velociraptor on Windows? It’s in the documentation. Scroll to “Instant Velociraptor” and you will find… Answer: Velociraptor.exe gui Task 3 Question 1: What is the hostname for the client? Open the Ubuntu terminal and run:

  • TryHackMe – Volatility Walk-Through

    This will only cover Task 10 – Practical Investigations Question 1: What is the build version of the host machine in Case 001? In the above screenshot look at NTBuildLab. Answer: 2600.xpsp.080413-2111 Question 2: At what time was the memory file acquired in Case 001? Also, in the previous screenshot look at SystemTime. Answer: 2012-07-22