urlscan.io public scan of tryhackme.com (2606:4700:10::6816:37e4)

Submitted URL: https://tryhackme.com/room/jrsecanalystintrouxo
Effective URL: https://tryhackme.com/r/room/jrsecanalystintrouxo
Submission: On April 11 via manual from IN — Scanned from DE


JUNIOR SECURITY ANALYST INTRO

Play through a day in the life of a Junior Security Analyst, their
responsibilities and qualifications needed to land a role as an analyst.

easy

15 min


Task 1: A career as a Junior (Associate) Security Analyst

In the Junior Security Analyst role, you will be a Triage Specialist. You will
spend a lot of time triaging or monitoring the event logs and alerts.


The responsibilities for a Junior Security Analyst or Tier 1 SOC Analyst
include:

 * Monitor and investigate the alerts (most of the time, it's a 24x7 SOC
   operations environment)
 * Configure and manage the security tools
 * Develop and implement basic IDS (Intrusion Detection System) signatures
 * Participate in SOC working groups, meetings
 * Create tickets and escalate the security incidents to the Tier 2 and Team
   Lead if needed

Required qualifications (most common):

 * 0-2 years of experience with Security Operations
 * Basic understanding of Networking (OSI model (Open Systems Interconnection
   Model) or TCP/IP model (Transmission Control Protocol/Internet Protocol
   Model)), Operating Systems (Windows, Linux), Web applications. To further
   learn about OSI and TCP/IP models, please refer to the Introductory
   Networking Room.
 * Scripting/programming skills are a plus

Desired certification:

 * CompTIA Security+

As you progress and advance your skills as a Junior Security Analyst, you will
eventually move up to Tier 2 and Tier 3.

An overview of the Security Operations Center (SOC) Three-Tier Model:




Answer the questions below
What will be your role as a Junior Security Analyst?
Task 2: Security Operations Center (SOC)

So, what exactly is a SOC?




The core function of a SOC (Security Operations Center) is to investigate,
monitor, prevent, and respond to threats in the cyber realm 24/7, or around the
clock. Per McAfee's definition of a SOC, "Security operations teams are charged
with monitoring and protecting many assets, such as intellectual property,
personnel data, business systems, and brand integrity. As the implementation
component of an organisation's overall cyber security framework, security
operations teams act as the central point of collaboration in coordinated
efforts to monitor, assess, and defend against cyberattacks." The number of
people working in the SOC can vary depending on the organisation's size.


What is included in the responsibilities of the SOC?

Preparation and Prevention

As a Junior Security Analyst, you should stay informed of the current cyber
security threats (Twitter and Feedly can be great resources to keep up with the
news related to Cybersecurity). It's crucial to detect and hunt threats, work on
a security roadmap to protect the organisation, and be ready for the worst-case
scenario.

Prevention methods include gathering intelligence data on the latest threats,
threat actors, and their TTPs (Tactics, Techniques, and Procedures). It also
includes maintenance procedures such as updating the firewall signatures,
patching the vulnerabilities in the existing systems, and block-listing and
safe-listing applications, email addresses, and IPs.

To better understand TTPs, you should look into one of CISA's (Cybersecurity &
Infrastructure Security Agency) alerts on APT40 (a Chinese Advanced Persistent
Threat). Refer to the following link for more information:
https://us-cert.cisa.gov/ncas/alerts/aa21-200a.


Monitoring and Investigation

A SOC team proactively uses SIEM (Security Information and Event Management) and
EDR (Endpoint Detection and Response) tools to monitor suspicious and malicious
network activities. Imagine being a firefighter and having a multi-alarm fire:
one-alarm fires, two-alarm fires, three-alarm fires; the categories classify the
seriousness of the fire, which is a threat in our case. As a Security Analyst,
you will learn how to prioritise the alerts based on their level: Low, Medium,
High, and Critical. Of course, it is an easy guess that you will need to start
from the highest level (Critical) and work down to the lowest (Low).
Having properly configured security monitoring tools in place will give you the
best chance to mitigate the threat.

Junior Security Analysts play a crucial role in the investigation procedure.
They perform triaging on the ongoing alerts by exploring and understanding how a
certain attack works and preventing bad things from happening if they can.
During the investigation, it's important to raise the questions "How? When?
Why?". Security Analysts find the answers by drilling down on the data logs and
alerts in combination with using open-source tools, which we will have a chance
to explore later in this path.

Response

After the investigation, the SOC team coordinates and takes action on the
compromised hosts, which involves isolating the hosts from the network,
terminating the malicious processes, deleting files, and more.

Answer the questions below
Read the above.
Task 3: A day in the life of a Junior (Associate) Security Analyst
Task includes website
View Site




To understand the job responsibilities for a Junior (Associate) Security
Analyst, let us first show you what a day in the life of the Junior Security
Analyst looks like and why this is an exciting career journey.



Being on the front line is not always easy and can be very challenging, as you
will be working with various log sources from different tools that we will walk
you through in this path. You will get a chance to monitor the network traffic,
including IPS (Intrusion Prevention System) and IDS (Intrusion Detection System)
alerts, review suspicious emails, extract forensic data to analyse and detect
potential attacks, and use open-source intelligence to help you make the
appropriate decisions on the alerts.

One of the most exciting and rewarding things is when you are finished working
on an incident and have managed to remediate the threat. Incident Response might
take hours, days, or weeks; it all depends on the scale of the attack: did the
attacker manage to exfiltrate the data? How much data did the attacker manage
to exfiltrate? Did the attacker attempt to pivot into other hosts? There are
many questions to ask and a lot of detection, containment, and remediation to
do. We will walk you through some fundamental knowledge that every Junior
(Associate) Security Analyst needs to know to become a successful Network
Defender.


The first thing almost every Junior (Associate) Security Analyst does on their
shift is to look at the tickets to see if any alerts got generated.


Are you ready to immerse yourself in the role of a Junior Security Analyst for
a little bit?

Answer the questions below
Click on the green View Site button in this task to open the Static Site Lab and
navigate to the security monitoring tool on the right panel to try to identify
the suspicious activity.

What was the malicious IP address in the alerts?



To whom did you escalate the event associated with the malicious IP address?



After blocking the malicious IP address on the firewall, what message did the
malicious actor leave for you?


Created by: tryhackme, SecurityNomad

Room Type: Free Room. Anyone can deploy virtual machines in the room (without
being subscribed)!

Users in Room: 196.604

Created: 779 days ago
