Benign
by: tryhackme, Dex01 “How many logs are ingested from the month of March, 2022?” “Imposter Alert: There seems to be an imposter account observed in the logs, what is the name of that user?” “Which user from the HR…
by: tryhackme, Dex01, TactfulTurtle “How many events were returned for the month of March 2022?” “What is the IP associated with the suspected user in the logs?” Go ahead and click the “+” sign beside this to apply the…
by: Tryhackme, Dex01 If you haven’t already, finish this room first before continuing with this one: Before we get into Splunk, THM quickly goes over the Incident handling life cycle as well as the cyber kill chain. Now…
by: tryhackme, SecurityNomad, Gensane “What is the name of the file identified with the flagged SHA256 hash?” “What is the file type associated with the flagged SHA256 hash?” “What are the execution parents of the flagged hash? List the…
by: tryhackme, rePl4stic We will be using the pestudio software for this malware analysis! “What is the architecture of the binary file windows-update.exe?” “What is the hash (sha-256) of the file windows-update.exe?” “Identify the URL within the file to…
Obtaining my first alert already! This first one is a simple (low-priority) phishing email with the telltale signs. Time to do my write-up! THM provides examples of best practice for writing a report. THM loves the details of including the full…
by: concatenate, Dex01, rePl4stic This room is a prerequisite of: ! ELK shows up on the THM SOC1 path, and I wanted to up my skills with some supplementary learning in this room. We are to use this website…
by: tryhackme, Fidel2002, krotovolb This room covers various incident scenarios that involve Linux, Windows, and Web apps. We will be using Splunk to investigate each scenario to obtain our answers. THM goes through the scenario and helps us come…
by: tryhackme, ryla, TactfulTurtle Note: Apologies about the text being so small/blurry! I tried a different image format size to help with that. Next time, I will enhance the zoom in my browser, which should help with the text…
by: tryhackme, 1337rce, TactfulTurtle This is a recommended optional room for the SOC1 path. I thought, “More exposure to sysmon couldn’t hurt!”. Task 2, Sysmon Overview, goes over various config events with set conditions to trigger alerts. In Task…