Shadow Trace

by: tryhackme, rePl4stic We will be using the pestudio software for this malware analysis! “What is the architecture of the binary file windows-update.exe?” “What is the hash (sha-256) of the file windows-update.exe?” “Identify the URL within the file to…

Phishing Unfolding

Obtaining my first alert already! This first one is a simple (low-priority) phishing email with the telltale signs. Time to do my write-up! THM provides examples of best practice for writing a report. THM loves the details of including the full…

Regular Expressions

by: concatenate, Dex01, rePl4stic This room is a prerequisite of: ! ELK shows up on the THM SOC1 path, and I wanted to up my skills with some supplementary learning in this room. We are to use this website…

Alert Triage with Splunk

by: tryhackme, Fidel2002, krotovolb This room covers various incident scenarios that involve Linux, Windows, and Web apps. We will be using Splunk to investigate each scenario to obtain our answers. THM goes through the scenario and helps us come…

Alert Triage with Elastic

by: tryhackme, ryla, TactfulTurtle Note: Apologies about the text being so small/blurry! I tried a different image format size to help with that. Next time, I will enhance the zoom in my browser, which should help with the text…

Sysmon

by: tryhackme, 1337rce, TactfulTurtle This is a recommended optional room for the SOC1 path. I thought, “More exposure to sysmon couldn’t hurt!”. Task 2, Sysmon Overview, goes over various config events with set conditions to trigger alerts. In Task…

Log Analysis with SIEM

by: tryhackme, TimTaylor, krotovolb Task 2, Benefits of SIEM for Analysts, covers Centralization, Correlation and Historical Events. Historical events are the ability for the SIEM to allow you to look at past events to observe patterns. Task 3 covers…

IP and Domain Threat Intel

by: tryhackme, SecurityNomad This whole room is a great network refresher which is why I have taken a lot of snippets to come back to if need be. Task 2, IP Building Blocks, covers DNS and why it matters…

File and Hash Threat Intel

by: tryhackme, SecurityNomad Go ahead and boot up the VM because with Task 2, we will already be using it. “One file displays one of the indicators mentioned. Can you identify the file and the indicator? (Answer: file, property)”…

Intro to Cyber Threat Intel

by: tryhackme, SecurityNomad, TactfulTurtle There’s a lot of great reading material in this room (which means a lot of snippets!). On to Task 3, CTI Lifecycle! THM presents a fictional scenario that covers the phases of the CTI lifecycle. Per…