Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
In today’s rapidly evolving digital landscape, securing sensitive data and networks has become paramount. Among the arsenal of tools designed to fortify these defenses, Wazuh emerges as a robust and versatile solution. TryHackMe briefly introduced Wazuh in a separate room within the Endpoint Security Monitoring Module, which is part of their learning path to SOC…
This is my write-up on TryHackMe’s Sysmon room. Task 1: Introduction It is highly recommended that the Windows Event Log room be completed before attempting this room, as the foundational knowledge on Windows events will help us navigate this room. In addition, we will be utilizing the tools we learned in that room. Moving on,…
This is my write-up on THM’s Windows Event Logs Room. Task 1: What are event logs? Event logs essentially contain the records of events or activities that have transpired on a machine or host, which help system administrators, IT technicians, etc., audit and troubleshoot issues in the system. But for blue teams, windows…
Snort Challenge – Live Attacks | TryHackMe Task 1: Introduction So far, we have been only detecting alerts with the rules that we have created. In this room, we are going to stop malicious activities from exploiting a host. If you have not completed the other Snort rooms, it is highly suggested that you complete…
Put your Snort skills into practice and write Snort rules to analyse live and captured network traffic. Task 1: Introduction The room invites you to a challenge to investigate a series of traffic data and stop malicious activity under two different scenarios. Let’s start working with Snort to analyse live and captured traffic. We recommend completing the…
SNORT is an open-source, rule-based Network Intrusion Detection and Prevention System (NIDS/NIPS). It was developed by Martin Roesch and is still maintained by him, open-source contributors, and the Cisco Talos team. The official description: “Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious…
Learn how to use NetworkMiner to analyse recorded traffic files and practice network forensics activities. NetworkMiner is an open-source traffic sniffer, pcap handler and protocol analyser. It is developed and still maintained by Netresec. The official description: “NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS…
Put your Zeek skills into practice and analyse network traffic. The room invites you to a challenge to investigate a series of traffic data and stop malicious activity under different scenarios. Let’s start working with Zeek to analyse the captured traffic. We recommend completing the Zeek room first, which will teach you how to use the…
Introduction to hands-on network monitoring and threat detection with Zeek (formerly Bro). Link: https://tryhackme.com/room/zeekbro Zeek (formerly Bro) is an open-source and commercial network monitoring tool (traffic analyser). The official description: “Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open-source, and powered by defenders.” “Zeek is a passive, open-source network traffic…
Practice analyzing malicious traffic using Brim. Link: https://tryhackme.com/room/mastermindsxlq “Note: Before attempting this room, it is highly recommended that you complete the Zeek and Brim rooms. Those mentioned rooms cover basic security concepts and processing Zeek log files, which will help you navigate this room effectively.” “Three machines in the Finance department at Pfeffer PLC were…