by: tryhackme, rePl4stic We will be using the pestudio software for this Malware analysis! “What is the architecture of the binary file windows-update.exe?” “What is the hash (sha-256) of the file windows-update.exe?” “Identify the URL within the file to…
Obtaining my first alert already! This first one is a simple(low-priority) phishing email with the telltale signs. Time to do my write-up! THM provides examples of best practice for writing a report. THM loves the details of including the full…
by: concatenate, Dex01, rePl4stic This room is a prerequisite of: ! ELK shows up on the THM SOC1 path, and I wanted to up my skills with some supplementary learning in this room. We are to use this website…
by: tryhackme, Fidel2002, krotovolb This room covers various incident scenarios that involve Linux, Windows, and Web apps. We will be using Splunk to investigate each scenario to obtain our answers. THM goes through the scenario and helps us come…
by: tryhackme, ryla, TactfulTurtle Note: Apologies about the text being so small/blurry! I tried a different image format size to help with that. Next time, I will enhance the zoom in my browser, which should help with the text…
by: tryhackme, 1337rce, TactfulTurtle This is a recommended optional room for the SOC1 path. I thought, “More exposure to sysmon couldn’t hurt!”. Task 2, Sysmon Overview, goes over various config events with set conditions to trigger alerts. In Task…
by: tryhackme, TimTaylor, krotovolb Task 2, Benefits of SIEM for Analysts, covers Centralization, Correlation and Historical Events. Historical events are the ability for the SIEM to allow you to look at past events to observe patterns. Task 3 covers…
by: tryhackme, SecurityNomad This whole room is a great network refresher which is why I have taken a lot of snippets to come back to if need be. Task 2, IP Building Blocks, covers DNS and why it matters…
by: tryhackme, SecurityNomad Go ahead and boot up the VM because with Task 2, we will already be using it. “One file displays one of the indicators mentioned. Can you identify the file and the indicator? (Answer: file, property)”…
by: tryhackme, SecurityNomad, TactfulTurtle There’s a lot of great reading material in this room(which means a lot of snippets!) On to Task 3, CTI Lifecycle! THM presents a fictional scenarior that cover the phases of the CTI lifecycle. Per…