Incident Handling with Splunk

by: Tryhackme, Dex01 If you haven’t already, finish this room first before continuing with this one: Before we get into Splunk, THM quickly goes over the incident handling life cycle as well as the cyber kill chain. Now…

Invite Only

by: tryhackme, SecurityNomad, Gensane “What is the name of the file identified with the flagged SHA256 hash?” “What is the file type associated with the flagged SHA256 hash?” “What are the execution parents of the flagged hash? List the…

Shadow Trace

by: tryhackme, rePl4stic We will be using the pestudio software for this malware analysis! “What is the architecture of the binary file windows-update.exe?” “What is the hash (sha-256) of the file windows-update.exe?” “Identify the URL within the file to…

Phishing Unfolding

Obtaining my first alert already! This first one is a simple (low-priority) phishing email with the telltale signs. Time to do my write-up! THM provides examples of best practice for writing a report. THM loves the details of including the full…

Regular Expressions

by: concatenate, Dex01, rePl4stic This room is a prerequisite of: ! ELK shows up on the THM SOC1 path, and I wanted to up my skills with some supplementary learning in this room. We are to use this website…

Alert Triage with Splunk

by: tryhackme, Fidel2002, krotovolb This room covers various incident scenarios that involve Linux, Windows, and Web apps. We will be using Splunk to investigate each scenario to obtain our answers. THM goes through the scenario and helps us come…

Alert Triage with Elastic

by: tryhackme, ryla, TactfulTurtle Note: Apologies about the text being so small/blurry! I tried a different image format size to help with that. Next time, I will enhance the zoom in my browser, which should help with the text…

Sysmon

by: tryhackme, 1337rce, TactfulTurtle This is a recommended optional room for the SOC1 path. I thought, “More exposure to sysmon couldn’t hurt!”. Task 2, Sysmon Overview, goes over various config events with set conditions to trigger alerts. In Task…

Log Analysis with SIEM

by: tryhackme, TimTaylor, krotovolb Task 2, Benefits of SIEM for Analysts, covers Centralization, Correlation and Historical Events. Historical events are the ability for the SIEM to allow you to look at past events to observe patterns. Task 3 covers…

IP and Domain Threat Intel

by: tryhackme, SecurityNomad This whole room is a great network refresher which is why I have taken a lot of snippets to come back to if need be. Task 2, IP Building Blocks, covers DNS and why it matters…