Skip to content

TryHackMe

Sysmon

Task 1 Introduction Sysmon, a tool used to monitor and log events on Windows, is commonly used by enterprises as part of their monitoring and logging solutions. Part of the Windows Sysinternals package, Sysmon is similar to Windows Event Logs with further detail and granular control. Task 2 Sysmon Overview From the Microsoft Docs, “System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file… Read More »Sysmon

Mitre

Task 1 Introduction to MITRE What is MITRE? The MITRE organization is a cyber security research and development organization that started in 1958 to “serve as objective advisers in systems engineering to government agencies, both military and civilian” according to their website. In this room, we will focus on other projects/research that the US-based non-profit MITRE Corporation has created for the cybersecurity community, specifically: ATT&CKĀ® (Adversarial Tactics, Techniques, and Common Knowledge) Framework CAR (Cyber Analytics Repository) Knowledge Base ENGAGE  D3FEND (Detection, Denial, and Disruption Framework Empowering Network Defense) AEP (ATT&CK Emulation Plans) Task 2 Basic Terminology Some common terminology used by MITRE is defined here. Advanced Persistent Threat (APT) – A group or individual that… Read More »Mitre

Nessus

Task 1 Introduction Nessus is a vulnerability scanner with free and paid versions and a GUI to operate the tool. Task 2 Installation First I downloaded a copy of the Nessus Installer from https://www.tenable.com/downloads/. You will need to find the right copy for your system. For the purposes of this write-up I am installing on a Windows system but Nessus is available for Windows, Mac OS, and several distributions of Linux, as well as Raspberry Pi. First click the link for the appropriate version you need. Then read and accept the License Agreement. Once it finishes downloading, run the installer… Read More »Nessus

Active Directory Basics

Task 1 Introduction Active Directory a network of computer workstaions, servers, and other network appliances grouped into domains. These domains are then grouped into forests which help to create a logical topology of an organization’s network. There are several components within Active Directory. Domain Controllers Forests, Trees, Domains Users + Groups  Trusts Policies  Domain Services Organizations like to use Active Directory because it simplifies network administration. It enables users to log into any computer within the organizations network and have access to their files from anywhere on the network. It also centralizes administration and security monitoring to the central domain… Read More »Active Directory Basics

Introduction to Windows

https://tryhackme.com/room/windowsfundamentals1xbx Task 1 Introduction to Windows For these tasks I was given the username administrator and password letmein123! for the windows machine. This task just made sure I was able to connect. Task 2 Windows Editions What encryption can you enable on Pro that you can’t enable in Home? BitLocker is a hard drive level encryption for the Windows operating system that is available on Pro but not Home versions. Task 3 The Desktop (GUI) Which selection will hide/disable the Search box? First I right clicked the taskbar, then clicked Search from the menu bar that opened, then Hidden in… Read More »Introduction to Windows

Wireshark 101

This is a write-up of the TryHackMe room Wireshark 101 Task 1 Introduction This task introuduced the fact that Wireshark is used for creating and analyzing PCAP files. PCAPs are network packet captures that list information about each packet intercepted by the capture tool. Task 2 Installation This task explained how to install Wireshark. It gives a link to Wireshark’s Website where you can download a copy of the installer. Task 3 Wireshark Overview This task explained the basics of Wireshark. When opening wireshark you can select an interface to begin listening to network traffic moving across that interface. Alternatively,… Read More »Wireshark 101

Network Services 2

This is a write-up of the TryHackMe room Network Services 2 found at https://tryhackme.com/room/networkservices2 Task 1 Get Connected This task just made sure I was able to get connected to the TryHackMe VPN. Task 2 Understanding NFS NFS is a network file system that creates a storage location on the network and makes it available to users of the networ. It does this by mounting a directory from a host then use the RPC (Remote Procedure Call) protocol to connect it. The user id and group id are used to decide which permissions are followed for the file/directory. This will… Read More »Network Services 2

Network Services

Task 1 Get Connected This task just explains how to connect to the TryHackMe VPN. Task 2 Understanding SMB What does SMB stand for?     What type of protocol is SMB? What do clients connect to servers using?     What systems does Samba run on? Task 3 Enumerating SMB Conduct an nmap scan of your choosing, How many ports are open? I ran nmap $ip -sV but it didn’t return much of anything. It says the host may be down but since I knew it was turned on I needed to try something else. It recommened using the -Pn flag to avoid… Read More »Network Services

Introductory Networking

Task 1 Introduction The aim of this room is to provide a beginner’s introduction to the basic principles of networking. Networking is a massive topic, so this really will just be a brief overview; however, it will hopefully give you some foundational knowledge of the topic, which you can build upon for yourself_._ The topics that we’re going to cover in this room are: The OSI Model The TCP/IP Model How these models look in practice An introduction to basic networking tools Task 2 The OSI Model: An Overview Which layer would choose to send data over TCP or UDP? Which… Read More »Introductory Networking