TShark Challenge 1 Teamwork
by: tryhackme, DrGonz0 I have just recently completed the two rooms referred to above and wanted to learn some more with tshark! This is where taking notes comes in handy. I referred back to the previous rooms note to…
by: Tryhackme In task 2, Command-Line Wireshark Features I | Statistics 1, we are shown the ability to present a more Wireshark-like appearance in the CLI. Pretty neat! “Use the “write-demo.pcap” to answer the questions. What is the…
by: tryhackme By now, I’m sure you have heard of Wireshark! But what about TShark? Think Wireshark but through the command line. Let’s dive in! “Find the task files on the Desktop in the “exercise-files” folder. “View the details…
by: tryhackme “Process the “sample.pcap” file and look at the details of the first DNS log that appear on the dashboard. What is the “qclass_name”?” “Double click to bring up an easy to read format of the logs. You…
by: tryhackme More Zeek sounds exciting to me! I had a blast with the other room: ! “Investigate the dns-tunneling.pcap file. Investigate the dns.log file. What is the number of DNS records linked to the IPv6 address?” “Investigate the conn.log file. What is the longest connection…
by: tryhackme, Dex01 I suggest doing this before continuing the mentioned room above if you have not already done so: There is a lot of reading material in this room. I did know of Zeek beforehand, but this…
by: tryhackme, Dex01 “How many logs are ingested from the month of March, 2022?” “Imposter Alert: There seems to be an imposter account observed in the logs, what is the name of that user?” “Which user from the HR…
by: tryhackme, Dex01, TactfulTurtle “How many events were returned for the month of March 2022?” “What is the IP associated with the suspected user in the logs?” Go ahead and click the “+” sign beside this to apply the…
by: Tryhackme, Dex01 If you haven’t already, finish this room first before continuing with this one: Before we get into Splunk, THM quickly goes over the Incident handling life cycle as well as the cyber kill chain. Now…
by: tryhackme, SecurityNomad, Gensane “What is the name of the file identified with the flagged SHA256 hash?” “What is the file type associated with the flagged SHA256 hash?” “What are the execution parents of the flagged hash? List the…