Linux Logging for SOC

by: tryhackme, TactfulTurtle “Use the /var/log/syslog file on the VM to answer the questions. Which time server domain did the VM contact to sync its time?” At first, I ended up entering “cat /var/logsyslog | grep time” but then I noticed ntp…

Windows Threat Division 3

by: tryhackme, TactfulTurtle “Which suspicious archive did the user download?” “Where did the attackers hide the C2 malware file?” “What is the domain of the Command and Control server?” On to task 3, Persistence Overview! “How many times did…

Windows Threat Detection 2

by: tryhackme, TactfulTurtle “Open CMD and type “net user Administrator”. Which privileged group does the user belong to?” “Open Event Viewer and try to find your command in Sysmon logs. What is the “Image” field of the net command you just…

Windows Threat Detection 1

by: tryhackme, TactfulTurtle Task 3, Initial Access via RDP, goes over the risks of using RDP and the vulnerabilities that it presents. We will be using the RDP event logs for this task. “Which user seems to be most…

Windows Logging for SOC

by: Tryhackme, SaintNada, TactfulTurtle THM links to four other rooms: Know Core Windows Processes, Remind yourself of the Logs Fundamentals, Learn and practice Sysmon, Learn how to query Event Logs. In Task 2, THM has us boot up our VM and prepare the Event Viewer. They…

Detecting Web DDoS

by: tryhackme, ryla, tryhackme For questions: “What class of attack relies on disrupting the availability of a web service?” and “What do we call the network of compromised machines that attackers use to launch DDoS attacks?” Task 3, Attack…

Detecting Web Shells

by: tryhackme, ryla, TactfulTurtle Before we begin, THM links to other rooms. Check these out if you need to: Web Application Basics: HTTP Request Methods & Responses MITRE: Initial Access & Persistence Tactics Intro to Log Analysis: Common Log Formats “Which MITRE ATT&CK…

Detecting Web Attacks

by: tryhackme, ryla, TactfulTurtle THM links to other rooms per the prerequisites. These rooms cover the most recent update to OWASP! “OWASP Top 10 covers the ten most critical web security risks. Complete Intro to Log Analysis for an overview of logs and…

Web Security Essentials

by: tryhackme, ryla, TactfulTurtle This room covers recent advances in the web and the security defenses and concerns that accompany them. This room is a high-level room and less technical, so I mainly did snippet highlights. In task 6…

Snort

by: tryhackme, Dex01, krotovolb, TactfulTurtle “SNORT is an open-source, rule-based Network Intrusion Detection and Prevention System (NIDS/NIPS). It was developed and still maintained by Martin Roesch, open-source contributors, and the Cisco Talos team. The official description: “Snort is the…