Posts

Showing posts with the label cyber defence

TryHackMe | Diamond Model WriteUp

Image
  Learn about the four core features of the Diamond Model of Intrusion Analysis: adversary, infrastructure, capability, and victim. Link - https://tryhackme.com/room/diamondmodelrmuwwg42 What is the term for a person/group that has the intention to perform malicious actions against cyber resources? Adversary Operator What is the term of the person or a group that will receive the benefits from the cyberattacks? Adversary Customer What is the term that applies to the Diamond Model for organizations or people that are being targeted? Victim Personae Provide the term for the set of tools or capabilities that belong to an adversary. Adversary Arsenal To which type of infrastructure do malicious domains and compromised email accounts belong? Type 2 Infrastructure What type of infrastructure is most likely owned by an adversary? Type 1 Infrastructure What meta-feature does the axiom “Every malicious activity contains two or more phases which must be successfully executed in succession to...

TryHackMe | Intro to Endpoint Security WriteUp

Image
  Learn about fundamentals, methodology, and tooling for endpoint security monitoring. Link - https://tryhackme.com/room/introtoendpointsecurity What is the normal parent process of services.exe? wininit.exe What is the name of the network utility tool introduced in this task? tcpview What is the PowerShell cmdlet for viewing Windows Event Logs? get-winevent Provide the command used to enter OSQuery CLI. osqueryi What does EDR mean? Provide the answer in lowercase. Endpoint detection and response Provide the flag for the simulated investigation activity. That’s it! See you in the next Room :)

TryHackMe | Wireshark: The Basics Walkthrough

Image
  Learn the basics of Wireshark and how to analyse protocols and PCAPs. Link- https://tryhackme.com/room/wiresharkthebasics Which file is used to simulate the screenshots? http1.pcapng Which file is used to answer the questions? Exercise.pcapng Use the “Exercise.pcapng” file to answer the questions. Read the “capture file comments”. What is the flag? TryHackMe_Wireshark_Demo What is the total number of packets? 58620 What is the SHA256 hash value of the capture file? f446de335565fb0b0ee5e5a3266703c778b2f3dfad7efeaeccb2da5641a6d6eb Use the “Exercise.pcapng” file to answer the questions. View packet number 38. Which markup language is used under the HTTP protocol? extensible markup language What is the arrival date of the packet? (Answer format: Month/Day/Year) 05/13/2004 What is the TTL value? 47 What is the TCP payload size? 424 What is the e-tag value? Follow HTTP Stream 9a01a-4696–7e354b00 Use the “Exercise.pcapng” file to answer the questions. Search the “r4w” string in packet d...

TryHackMe | Introduction to Antivirus WriteUp

Image
  Understand how antivirus software works and what detection techniques are used to bypass malicious files checks. Link - https://tryhackme.com/room/introtoav What was the virus name that infected John McAfee’s PC? brain Which PC Antivirus vendor implemented the first AV software on the market? mcafee Antivirus software is a _____-based security solution. host Which AV feature analyzes malware in a safe and isolated environment? emulator An _______ feature is a process of restoring or decrypting the compressed executable files to the original. unpacker What is the sigtool tool output to generate an MD5 of the AV-Check.exe binary? f4a974b0cf25dca7fbce8701b7ab3a88:6144:AV-Check.exe Use the strings tool to list all human-readable strings of the AV-Check binary. What is the flag? THM{Y0uC4nC-5tr16s} Which detection method is used to analyze malicious software inside virtual environments? dynamic detection That’s it! See you in the next Room :)

Eonrec