Blue Team Cyber Defender

  Learn how to interact with the win32 API and understand its wide range of use cases Link- https://tryhackme.com/room/windowsapi Does a process in the user mode have direct hardware access? (Y/N) n Does launching an application as an administrator open the process in kernel mode? (Y/N) n What header file imports and defines the User32 DLL and structure? winuser.h What parent header file contains all other required child and core header files? windows.h What overarching namespace provides P/Invoke to .NET? system What memory protection solution obscures the process of importing API calls? aslr Which character appended to an API call represents an ANSI encoding? a Which character appended to an API call represents extended functionality? ex What is the memory allocation type of 0x00080000 in the VirtualAlloc API call? MEM_RESET Do you need to define a structure to use API calls in C? (Y/N) n What method is used to import a required DLL? dllimport What type of method is used to reference

  Understand how antivirus software works and what detection techniques are used to bypass malicious files checks. Link - https://tryhackme.com/room/introtoav What was the virus name that infected John McAfee’s PC? brain Which PC Antivirus vendor implemented the first AV software on the market? mcafee Antivirus software is a _____-based security solution. host Which AV feature analyzes malware in a safe and isolated environment? emulator An _______ feature is a process of restoring or decrypting the compressed executable files to the original. unpacker What is the sigtool tool output to generate an MD5 of the AV-Check.exe binary? f4a974b0cf25dca7fbce8701b7ab3a88:6144:AV-Check.exe Use the strings tool to list all human-readable strings of the AV-Check binary. What is the flag? THM{Y0uC4nC-5tr16s} Which detection method is used to analyze malicious software inside virtual environments? dynamic detection That’s it! See you in the next Room :)

  Learn JavaScript, the high-level, multi-paradigm language of the web. Link - https://tryhackme.com/room/javascriptbasics What type of data type is this: ‘Neo’? String What data type is true/false? boolean What is John’s occupation? Master Hacker What tag is used for linking a JavaScript file to HTML? script What type of brackets are used for arrays? [] What color pill did we choose? Red Pill What is the output of this code? Tyrell Loops repeat until the written code is finished running (true/false) true What loop doesn’t require the condition to be true for it execute at least once? do…while What is the DOM? Document Object Model What is it called when XSS is used to record keystrokes? Keylogging Sort the array [1,10,5,15,2,7,28,900,45,18,27] [1,2,5,7,10,15,18,27,28,45,900] That’s it! See you in the next Room :)

  Learn vim, a universal text editor that can be incredibly powerful when used properly. From basic text editing to editing of binary files, Vim can be an important arsenal in a security toolkit. Link - https://tryhackme.com/room/toolboxvim How do we enter “INSERT” mode? i How do we start entering text into our new Vim document? typing How do we return to command mode? esc How do we move the cursor left? h How do we move the cursor right? l How do we move the cursor up? k How do we move the cursor down? j How do we jump to the start of a word? w How do we jump to the end of a word? e How do we insert (before the cursor) i How do we insert (at the beginning of the line?) I How do we append (after the cursor) a How do we append (at the end of the line) A How do we make a new line under the current line? o How do we write the file, but don’t exit? :w How do we write the file, but don’t exit- as root? :w !sudo tee % How do we write and quit? :wq How do we quit? :q How do we force quit? :q!