Blue Team Cyber Defender

  Understand how antivirus software works and what detection techniques are used to bypass malicious files checks. Link - https://tryhackme.com/room/introtoav What was the virus name that infected John McAfee’s PC? brain Which PC Antivirus vendor implemented the first AV software on the market? mcafee Antivirus software is a _____-based security solution. host Which AV feature analyzes malware in a safe and isolated environment? emulator An _______ feature is a process of restoring or decrypting the compressed executable files to the original. unpacker What is the sigtool tool output to generate an MD5 of the AV-Check.exe binary? f4a974b0cf25dca7fbce8701b7ab3a88:6144:AV-Check.exe Use the strings tool to list all human-readable strings of the AV-Check binary. What is the flag? THM{Y0uC4nC-5tr16s} Which detection method is used to analyze malicious software inside virtual environments? dynamic detection That’s it! See you in the next Room :)

  Introduction to x64 Assembly on Windows. Link- https://tryhackme.com/room/win64assembly What is 0xA in decimal? 10 What is decimal 25 in hexadecimal? Include the prefix for hexadecimal. 0x19 How many bytes is a WORD? 2 How many bits is a WORD? 16 What is the result of the binary operation: 1011 AND 1100? 1000 What is the result of the binary operation: 1011 NAND 1100? Include leading zeroes. 0111 How many bytes is RAX? 8 How many bytes is EAX? 4 What instruction returns from a function? ret What instruction will call/execute a function? call What instruction could be used to save a register in a way that it can later be restored? PUSH If two equal values are compared to each other, what will ZF be set to as result of the comparison? 1 In fastcall, what 64-bit register will hold the return value of a function? RAX In fastcall, what register is the first function parameter passed in? RCX In what order is data taken off of or put onto the stack? Provide the acronym. LIFO That’s it! See

  Learn how to detect and exploit SQL Injection vulnerabilities Link - https://tryhackme.com/room/sqlinjectionlm What does SQL stand for? Structured Query Language What is the acronym for the software that controls a database? DBMS What is the name of the grid-like structure which holds the data? table What SQL statement is used to retrieve data? SELECT What SQL clause can be used to retrieve data from multiple tables? UNION What SQL statement is used to add data? INSERT What character signifies the end of an SQL query? ; What is the flag after completing level 1? Login as Martin What is the flag after completing level two? (and moving to level 3) What is the flag after completing level three? Login as admin with the password What is the final flag after completing level four? Use the following referrer= admin123' UNION SELECT SLEEP(5),2 from users where username=’admin’ and password like ‘4961% login as admin with password 4961 Name a protocol beginning with D that can be used to

  Learn how to use Repeater to duplicate requests in Burp Suite Link - https://tryhackme.com/room/burpsuiterepeater Which view option displays the response in the same format as your browser would? Render Send the request. What is the flag you receive? See if you can get the server to error out with a “500 Internal Server Error” code by changing the number at the end of the request to extreme inputs. What is the flag you receive when you cause a 500 error in the endpoint? Exploit the union SQL injection vulnerability in the site. What is the flag? That’s it! See you in the next room :)