THM | Intro to Defensive Security
Introduction to Cyber Security | Intro to Defensive Security | Summary:
This series of walkthroughs aims to help complete beginners finish the Pre Security Path on the TryHackMe website. It is based on the learning content provided in the Intro to Defensive Security room.
Disclaimer: Please note that this write-up is NOT intended to replace the original room or its content, but rather to serve as supplementary material for those who are stuck and need additional guidance. This walkthrough provides one (of the many) possible solutions to the challenges, without revealing any flags or passwords directly.
Task | 1 | Introduction to Defensive Security
Read the introduction to defensive security before proceeding to the next task.
Question 1: Which team focuses on defensive security?
Blue Team
Task | 2 | Areas of Defensive Security
Topics related to defensive security like Security Operations Center (SOC) and Digital Forensics and Incident Response (DFIR) are introduced here. Gain an initial understanding before jumping to the next task.
Question 1: What would you call a team of cyber security professionals that monitors a network and its systems for malicious events?
Security Operations Center
Question 2: What does DFIR stand for?
Digital Forensics and Incident Response
Question 3: Which kind of malware requires the user to pay money to regain access to their files?
ransomware
Task | 3 | Practical Example of Defensive Security
In this task we get to follow along and gain a little insight into a Junior (Associate) Security Analyst's day.
Notice the login timestamp. It's 05:25 in the morning. Somebody must have had a rough night... or not.
Run a check on the suspicious login.
Escalate the event to a staff member.
Adjust the firewall rules to block the malicious IP address.
Grab the flag.
Hopefully, following the tutorial in this room could shed a little bit of light on defensive security.
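To make the three analyst steps above concrete (check the login, escalate, propose a block rule), here is an added Python example that is not part of the room or this write-up. The log format, the address allow-list, the working-hours window and the sample log lines are all constructed assumptions; the rule text is only produced for a reviewer, not applied to any firewall.

```python
from datetime import datetime
import ipaddress

# Constructed sample login log; hypothetical format: "date time user src_ip result".
SAMPLE_LOG = """\
2024-03-01 05:25:17 jsmith 198.51.100.23 SUCCESS
2024-03-01 09:02:41 jsmith 10.0.0.15 SUCCESS
2024-03-01 09:10:05 avery 10.0.0.22 FAILURE
"""

# Assumed: the organisation's own address ranges and its normal working hours.
KNOWN_RANGES = [ipaddress.ip_network("10.0.0.0/8")]
WORK_HOURS = range(8, 19)  # 08:00-18:59 counts as normal

def parse_log(text: str) -> list[dict]:
    """Turn each log line into a dict with a real datetime for the timestamp."""
    events = []
    for line in text.splitlines():
        date, time, user, ip, result = line.split()
        when = datetime.fromisoformat(f"{date} {time}")
        events.append({"when": when, "user": user, "src_ip": ip, "result": result})
    return events

def is_suspicious(ev: dict) -> bool:
    """Step 1: a successful login from outside known ranges, outside work hours."""
    addr = ipaddress.ip_address(ev["src_ip"])
    external = not any(addr in net for net in KNOWN_RANGES)
    off_hours = ev["when"].hour not in WORK_HOURS
    return ev["result"] == "SUCCESS" and external and off_hours

def block_rule(ip: str) -> str:
    """Step 3: the firewall rule proposed to the reviewer (iptables syntax, not run here)."""
    ipaddress.ip_address(ip)  # raises ValueError on malformed input, so junk never reaches a rule
    return f"iptables -A INPUT -s {ip} -j DROP"

def triage(text: str) -> list[dict]:
    """Step 2: build the escalation note a junior analyst would hand to a senior staff member."""
    notes = []
    for ev in parse_log(text):
        if is_suspicious(ev):
            notes.append({
                "user": ev["user"],
                "src_ip": ev["src_ip"],
                "when": ev["when"].isoformat(sep=" "),
                "action": "escalate",
                "proposed_rule": block_rule(ev["src_ip"]),
            })
    return notes

if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```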
Question 1: What is the flag that you obtained by following along?
<flag>