TryHackMe: Intro to Cyber Threat Intel Writeup

The room: Introducing cyber threat intelligence and related topics, such as relevant standards and frameworks.

https://tryhackme.com/room/cyberthreatintel

Task 2: Cyber Threat Intelligence

2.1. What does CTI stand for?

Cyber Threat Intelligence

2.2. IP addresses, Hashes and other threat artefacts would be found under which Threat Intelligence classification?

Technical Intel: Provides information about the resources an attacker uses to carry out an attack. Focuses on a specific loC.

Technical Intel

Task 3: CTI Lifecycle

3.1. At which phase of the CTI lifecycle is data converted into usable formats through sorting, organising, correlation and presentation?

Processing

3.2. During which phase do security analysts get the chance to define the questions to investigate incidents?

Direction

Task 4: CTI Standards & Frameworks

4.1. What sharing models are supported by TAXII?

collection and channel

4.2. When an adversary has obtained access to a network and is extracting data, what phase of the kill chain are they on?

Actions on Objectives

Task 5: Practical Analysis

5.1. What was the source email address?

vipivillain@badbank.com

5.2. What was the name of the file downloaded?

flbpfuh.exe

5.3. After building the threat profile, what message do you receive?

THM{***_*_***_***}

a

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir