Blue Team Cyber Defender

  Learn the important ethics and methodologies behind every pentest Link - https://tryhackme.com/room/pentestingfundamentals You are given permission to perform a security audit on an organisation; what type of hacker would you be? White Hat You attack an organisation and steal their data, what type of hacker would you be? Black Hat What document defines how a penetration testing engagement should be carried out? Rules of Engagement What stage of penetration testing involves using publicly available information? Information Gathering If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name. OSSTMM What framework focuses on the testing of web applications? OWASP You are asked to test an application but are not given access to its source code — what testing process is this? Black Box You are asked to test a website, and you are given access to the source code — what testing process is

  Learn the principles of information security that secures data and protects systems from abuse Link - https://tryhackme.com/room/principlesofsecurity What element of the CIA triad ensures that data cannot be altered by unauthorised people? integrity What element of the CIA triad ensures that data is available? availability What element of the CIA triad ensures that data is only accessed by authorised people? confidentiality What does the acronym “PIM” stand for? Privileged Identity Management What does the acronym “PAM” stand for? Privileged Access Management If you wanted to manage the privileges a system access role had, what methodology would you use? PAM If you wanted to create a system role that is based on a users role/responsibilities with an organisation, what methodology is this? PIM What is the name of the model that uses the rule “can’t read up, can read down”? The Bell-LaPadula Model What is the name of the model that uses the rule “can read up, can’t read down”? The Biba

Dunkle Materie Writeup Investigate the ransomware attack using ProcDot Link-  https://tryhackme.com/room/dunklematerieptxc9 Once you have connected to the machine, launch Procdoct which is present in the Taskbar with a Red Dot symbol.  Load the files from "Analysis Files" folder present in the Desktop into Procdot. Click the ... button. The most suspicious process in the list appears to be exploreer.exe (PID 7128). We will double click on that and then click Refresh button. The chart loads and we are now ready for investigating... Provide the two PIDs spawned from the malicious executable. (In the order as they appear in the analysis tool) Click the ... button. The 2 PIDs that appear to be malicious are 8644 and 7128 Provide the full path where the ransomware initially got executed? (Include the full path in your answer) Open the "LogFile.csv" file in notepad and search for exploreer.exe. You will find the full path as " c:\users\sales\appdata\local\temp\explor