Blue Team Cyber Defender

  Learn how to interact with the win32 API and understand its wide range of use cases Link- https://tryhackme.com/room/windowsapi Does a process in the user mode have direct hardware access? (Y/N) n Does launching an application as an administrator open the process in kernel mode? (Y/N) n What header file imports and defines the User32 DLL and structure? winuser.h What parent header file contains all other required child and core header files? windows.h What overarching namespace provides P/Invoke to .NET? system What memory protection solution obscures the process of importing API calls? aslr Which character appended to an API call represents an ANSI encoding? a Which character appended to an API call represents extended functionality? ex What is the memory allocation type of 0x00080000 in the VirtualAlloc API call? MEM_RESET Do you need to define a structure to use API calls in C? (Y/N) n What method is used to import a required DLL? dllimport What type of method is used to reference

  Learn the steps and procedures of a red team engagement, including planning, frameworks, and documentation. Link - https://tryhackme.com/room/redteamengagements What CIDR range is permitted to be attacked? 10.0.4.0/22 Is the use of white cards permitted? (Y/N) Y Are you permitted to access “*.bethechange.xyz?” (Y/N) N How many explicit restriction are specified? 3 What is the first access type mentioned in the document? phishing Is the red team permitted to attack 192.168.1.0/24? (Y/N) N How long will the engagement last? 1 Month How long is the red cell expected to maintain persistence? 3 Weeks What is the primary tool used within the engagement? Cobalt Strike When will the engagement end? 11/14/2021 What is the budget the red team has for AWS cloud cost? $1000 Are there any miscellaneous requirements for the engagement? (Y/N) N What phishing method will be employed during the initial access phase? Spearphishing What site will be utilized for communication between the client and red

  This room is an introduction to red teaming Link - https://tryhackme.com/room/redteamrecon Would vulnerability assessments prepare us to detect a real attacker on our networks? (Yay/Nay) Nay During a penetration test, are you concerned about being detected by the client? (Yay/Nay) Nay Highly organised groups of skilled attackers are nowadays referred to as … Advanced Persistent Threats The goals of a red team engagement will often be referred to as flags or… crown jewels During a red team engagement, common methods used by attackers are emulated against the target. Such methods are usually called TTPs. What does TTP stand for? Tactics, techniques and procedures The main objective of a red team engagement is to detect as many vulnerabilities in as many hosts as possible (Yay/Nay) Nay What cell is responsible for the offensive operations of an engagement? Red Cell What cell is the trusted agent considered part of? White Cell If an adversary deployed Mimikatz on a target machine, where

  Learn the important ethics and methodologies behind every pentest Link - https://tryhackme.com/room/pentestingfundamentals You are given permission to perform a security audit on an organisation; what type of hacker would you be? White Hat You attack an organisation and steal their data, what type of hacker would you be? Black Hat What document defines how a penetration testing engagement should be carried out? Rules of Engagement What stage of penetration testing involves using publicly available information? Information Gathering If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name. OSSTMM What framework focuses on the testing of web applications? OWASP You are asked to test an application but are not given access to its source code — what testing process is this? Black Box You are asked to test a website, and you are given access to the source code — what testing process is