by: tryhackme “Volatility is a free memory forensics tool developed and maintained by Volatility Foundation, commonly used by malware and SOC analysts within a blue team or as part of their detection and monitoring solutions. Volatility is written in Python and is made…
by: tryhackme, ar33zy This room is a pre-requisite for and that room is a pre-requisite for which is a part of the SOCL1 pathway. “In this room, we will explore the core processes within a Windows system.…
by: tryhackme, ar33zy This room looks like it will bring a challenge! It’s rated Medium difficulty. We will be using various tools to anaylze the Tactics, Techniques, and Procedures (TTPs) of the Boogeyman! Prerequisites:Tshark: The BasicsPhishing Analysis FundamentalsPhishing Analysis ToolsWindows Event…
by: tryhackme, ar33zy Links to those rooms: Task 2 gives us a quick refresher of Log Analysis and Event Correlation. In Task 3, Preparation – Tools and Artificats, THM goes over hashes and some of the tools we will…
by: tryhackme “Investigate the DNS queries.Investigate the domains by using VirusTotal.According to VirusTotal, there is a domain marked as malicious What is the name of the malicious/suspicious domain? Enter your answer in a defanged format.” “What is the total number of…
by: tryhackme, DrGonz0 I have just recently completed the two rooms referred to above and wanted to learn some more with tshark! This is where taking notes comes in handy. I referred back to the previous rooms note to…
by: Tryhackme In task 2, Command-Line Wireshark Features I | Statistics 1, we are are shown the ability to present a more Wireshark-like appearance in the CLI. Pretty neat! “Use the “write-demo.pcap” to answer the questions. What is the…
by: tryhackme By now, I’m sure you have heard of Wireshark! But what about TShark? Think Wireshark but through the command line. Let’s dive in! “Find the task files on the Desktop in the “exercise-files” folder. “View the details…
by: tryhackme “Process the “sample.pcap” file and look at the details of the first DNS log that appear on the dashboard. What is the “qclass_name”?” “Double click to bring up an easy to read format of the logs. You…
by: tryhackme More Zeek sounds exciting to me! I had a blast with the other room: ! “”Investigate the dns-tunneling.pcap file. Investigate the dns.log file. What is the number of DNS records linked to the IPv6 address?” “Investigate the conn.log file. What is the longest connection…