Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Tag: thm
-
TryHackMe | Threat Hunting: Endgame
Room Link: https://tryhackme.com/r/room/threathuntingendgame Task 1 Introduction Threat Hunting: Endgame In this room, you will learn how to implement the threat hunting process to hunt malicious activities performed in the “Actions on Objectives” phase of the “Cyber Kill Chain”. You will also experience the hunting process of commonly used MITRE ATT&CK techniques under the collection, exfiltration and impact tactics.…
-
TryHackMe- Threat Hunting: Pivoting
Task 1 Introduction Is your organisation’s network robust enough to spot lateral movements of adversaries within your systems? Can you detect unusual network activities or illicit privilege escalation that could indicate a pivot attack? Can you use network telemetry and analytics to identify abnormal behaviour and halt lateral movement before it wreaks havoc? These are essential…
-
TryHackMe | Threat Hunting: Foothold
Task 1 Introduction Are your organisation’s defences robust enough to detect intrusion attempts by adversaries? Are you equipped to hunt for covert signs of intrusion, even when the threat actors have only just breached your perimeters? Can you use high-quality data and advanced analytics to identify abnormal behaviour and stop attacks before they escalate? These are…
-
TryHackMe | MalBuster
Room Link: https://tryhackme.com/room/malbuster Task 1 Introduction This room aims to be a practice room for Dissecting PE Headers and Static Analysis 1. In this scenario, you will act as one of the Reverse Engineers that will analyse malware samples based on the detections reported by your SOC team. Prerequisites This room requires basic knowledge of Malware…
-
TryHackMe | Boogeyman 2
Task 1 Introduction After having a severe attack from the Boogeyman, Quick Logistics LLC improved its security defences. However, the Boogeyman returns with new and improved tactics, techniques and procedures. In this room, you will be tasked to analyse the new tactics, techniques, and procedures (TTPs) of the threat group named Boogeyman. Prerequisites This room may…
-
TryHackMe | Boogeyman 1
The room provided a phishing email, endpoint logs, and network traffic to analyze. By studying email headers, parsing JSON logs with JQ, and reconstructing events from packet captures, I uncovered how the threat actor gained initial access, enumerated the host, exfiltrated data, and maintained persistence. Key learning included inspecting encoded payloads, tracking command execution in…
-
TryHackMe | Disk Analysis & Autopsy
In this blog, I’ll be documenting my experience with the Disk Analysis & Autopsy room on TryHackMe, which challenged me to leverage disk artifacts to unravel an attack narrative. Room Link: https://tryhackme.com/room/autopsy2ze0 Task 1 Windows 10 Disk Image In the attached VM, there is an Autopsy case file and its corresponding disk image. After loading the .aut file, make…
-
TryHackMe | Benign
In this post, I’ll be working through a suspicious process execution exercise from TryHackMe to practice investigating event logs in Splunk. In this exercise, I’m given Windows event logs from an infected host to analyse. By filtering events in Splunk and extracting key data points, anomalies are discovered and attacker activities are uncovered. Task 1 Introduction…
-
TryHackMe | Investigating with Splunk
This room by TryHackMe explores the process of investigating a compromised web server using Splunk SIEM. It focuses on analyzing various Windows data sources such as Sysmon, PowerShell, and event logs to identify indicators of compromise (IOCs). By correlating events, analyzing fields, and pivoting data, anomalies can be detected and the attacker’s actions can be…
-
TryHackMe | Incident Handling with Splunk
As an analyst, understanding how to leverage logs to investigate incidents is a critical skill. In this post, I’ll walk through an interactive case study by TryHackMe, investigating a web server compromise. By mapping attacker activities to the Cyber Kill Chain framework, I’ll gain hands-on practice in log analysis and threat hunting techniques using Splunk…
Igor_sec's Blog 