Advent of Cyber 2024 Day 5: SOC-mas XX-what-ee?
Lab link. Questions 1. What is the flag discovered after navigating through the wishes? 2. What is the flag seen on the possible proof of sabotage?
Showing 63 Result(s)
Advent of Cyber 2024 Day 4: I’m all atomic inside!
Lab link. McSkidy suspects that an attacker simulated an intrusion using the T1566.001 Spearphishing with an attachment technique defined in the MITRE ATT&CK framework. We will recreate this attack and analyze the artifacts left behind. PowerShell Usage 1. Running the Help Command in PowerShell First, the Get-Help Invoke-AtomicTest command is run to get information about …
Advent of Cyber 2024 Day 3: Even if I wanted to go, their vulnerabilities wouldn’t allow it.
Lab link. Questions 1. BLUE: Where was the web shell uploaded to? Answer format: /directory/directory/directory/filename.php /media/images/rooms/shell.php 2. BLUE: What IP address accessed the web shell? 10.11.83.34 3. RED: What is the contents of the flag.txt? This command adds a line to the system’s /etc/hosts file. The added line associates the name frostypines.thm with the IP address …
Advent of Cyber 2024 Day 2: One man’s false positive is another man’s potpourri
Lab link. Questions 1. What is the name of the account causing all the failed login attempts? service_admin 2. How many failed logon attempts were observed? 6791 3. What is the IP address of Glitch? 10.0.255.1 4. When did Glitch successfully logon to ADM-01? Format: MMM D, YYYY HH:MM:SS.SSS Dec 1, 2024 08:54:39.000 5. What …
Advent of Cyber 2024 Day 1: Maybe SOC-mas music, he thought, doesn’t come from a store?
Lab link. McSkidy tapped keys with a confident grin,A suspicious website, now where to begin?She’d seen sites like this, full of code and of grime,Shady domains, and breadcrumbs easy to find. We can visit the target IP address website through the browser. The site appears to be one that converts YouTube videos to MP3 or …
Tryhackme: Red Team Threat Intel
Apply threat intelligence to red team engagements and adversary emulation. Task 5: TTP Mapping 5.2. How many Command and Control techniques are employed by Carbanak? https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0008%2FG0008-enterprise-layer.json 2 5.3. What signed binary did Carbanak use for defense evasion? Rundll32 5.4. What Initial Access technique is employed by Carbanak? Valid Accounts Task 7: Creating a Threat Intel Driven Campaign …
Tryhackme: ParrotPost: Phishing Analysis
Reveal how attackers can craft client-side credential-stealing webpages that evade detection by security tools. Lab link. Task 3: Email Headers 3.1. According to the IP address, what country is the sending email server associated with? We upload the .eml file to the Message Header Analyzer and find the Received IP address. Since the IP address location …
Tryhackme: Critical Writeup
Lab link. Task 2: Memory Forensics 2.1. What type of memory is analyzed during a forensic memory task? RAM 2.2. In which phase will you create a memory dump of the target system? Memory Acquisition Task 3: Environment & Setup 3.1. Which plugin can help us to get information about the OS running on the target machine? …
Tryhackme: Intro to Logs Writeup
Learn the fundamentals of logging, data sources, collection methods and principles to step into the log analysis world. Lab link. Task 2: Expanding Perspectives: Logs as Evidence of Historical Activity 2.1. What is the name of your colleague who left a note on your Desktop? Perry 2.2. What is the full path to the suggested log …
Tryhackme TShark: The Basics Writeup
Learn the basics of TShark and take your protocol and PCAP analysis skills a step further. Lab link. Task 2: Command-Line Packet Analysis Hints | TShark and Supplemental CLI Tools 2.2. View the details of the demo.pcapng file with “capinfos”.What is the “RIPEMD160” value? 6ef5f0c165a1db4a3cad3116b0c5bcc0cf6b9ab7 Task 3: TShark Fundamentals I | Main Parameters I 3.1. …