Blue Team Cyber Defender

  Learn how to use Redline to perform memory analysis and to scan for IOCs on an endpoint. Link - https://tryhackme.com/room/btredlinejoxr3d Who created Redline? FireEye What data collection method takes the least amount of time? Standard Collector You are reading a research paper on a new strain of ransomware. You want to run the data collection on your computer based on the patterns provided, such as domains, hashes, IP addresses, filenames, etc. What method would you choose to run a granular data collection against the known indicators? IOC Search Collector What script would you run to initiate the data collection process? Please include the file extension. RunRedlineAudit.bat If you want to collect the data on Disks and Volumes, under which option can you find it? Disk Enumeration What cache does Windows use to maintain a preference for recently executed code? Prefetch Where in the Redline UI can you view information about the Logged in User? System Information Provide the Operatin

Find out what happened by analysing a .pcap file and hack your way back into the machine Link - https://tryhackme.com/room/h4cked Download the Task file The attacker is trying to log into a specific service. What service is this? FTP There is a very popular tool by Van Hauser which can be used to brute force a series of services. What is the name of this tool? Hydra The attacker is trying to log on with a specific username. What is the username? jenny What is the user’s password? password123 What is the current FTP working directory after the attacker logged in? /var/www/html The attacker uploaded a backdoor. What is the backdoor’s filename? shell.php The backdoor can be downloaded from a specific URL, as it is located inside the uploaded file. What is the full URL? Follow tcp stream http://pentestmonkey.net/tools/php-reverse-shell Which command did the attacker manually execute after getting a reverse shell? Follow tcp stream whoami What is the computer’s hostname? Follow tcp stream w

  Learn about digital forensics artefacts found on Linux servers by analysing a compromised server Link :- https://tryhackme.com/room/linuxserverforensics Deploy the first VM Login using ssh and navigate to /var/log/apache2 How many different tools made requests to the server? Run the below command Answer is 2 Name a path requested by Nmap. Run below command Answer is /nmaplowercheck1618912425 What page allows users to upload files? Navigate to the website Answer is contact.php What IP uploaded files to the server? Run below command to find Answer is 192.168.56.24 Who left an exposed security notice on the server? Run below command to find Go to the location mentioned above and open the security.md file Answer is Fred What command and option did the attacker use to establish a backdoor? Run below command to find backdoor Answer is sh -i What is the password of the second root account? Search passwd Google search xxx from root2 :xxx to find password Deploy the second VM Login and naviga