Blue Team Cyber Defender

  A guided room covering the deployment of honeypots and analysis of botnet activities Link - https://tryhackme.com/room/introductiontohoneypots Create a file and then log back in is the file still there? (Yay/Nay) Nay How many passwords include the word “password” or some other variation of it e.g “p@ssw0rd” 15 What is arguably the most common tool for brute-forcing SSH? hydra What intrusion prevention software framework is commonly used to mitigate SSH brute-force attacks? Fail2Ban What CPU does the honeypot “use”? Run command cat /proc/cpuinfo Intel(R) Core(TM) i9–11900KB CPU @ 3.30GHz Does the honeypot return the correct values when uname -a is run? (Yay/Nay) Nay What flag must be set to pipe wget output into bash? -O How would you disable bash history using unset ? unset HISTFILE What brand of device is the bot in the first sample searching for? (BotCommands/Sample1.txt) Do a simple google search of the processes Mikrotik What are the commands in the second sample changing? ...

  Learn about digital forensics artefacts found on Linux servers by analysing a compromised server Link :- https://tryhackme.com/room/linuxserverforensics Deploy the first VM Login using ssh and navigate to /var/log/apache2 How many different tools made requests to the server? Run the below command Answer is 2 Name a path requested by Nmap. Run below command Answer is /nmaplowercheck1618912425 What page allows users to upload files? Navigate to the website Answer is contact.php What IP uploaded files to the server? Run below command to find Answer is 192.168.56.24 Who left an exposed security notice on the server? Run below command to find Go to the location mentioned above and open the security.md file Answer is Fred What command and option did the attacker use to establish a backdoor? Run below command to find backdoor Answer is sh -i What is the password of the second root account? Search passwd Google search xxx from root2 :xxx to find password Deploy the second VM Login a...