URL: https://tryhackme.com/room/jrsecanalystintrouxo
Submission: On February 23 via manual from IN — Scanned from DE

JUNIOR SECURITY ANALYST INTRO

Play through a day in the life of a Junior Security Analyst, and learn the
responsibilities and qualifications needed to land a role as an analyst.


Difficulty: Easy




This is a free room, which means anyone can deploy virtual machines in the room
(without being subscribed)! 52002 users are in here and this room is 366 days
old.





Created by tryhackme and SecurityNomad




Task 1 A career as a Junior (Associate) Security Analyst




In the Junior Security Analyst role, you will be a Triage Specialist. You will
spend a lot of time monitoring and triaging event logs and alerts.


The responsibilities for a Junior Security Analyst or Tier 1 SOC Analyst
include:

 * Monitor and investigate the alerts (most of the time, it's a 24x7 SOC
   operations environment)
 * Configure and manage the security tools
 * Develop and implement basic IDS (Intrusion Detection System) signatures
 * Participate in SOC working groups, meetings
 * Create tickets and escalate the security incidents to the Tier 2 and Team
   Lead if needed

Required qualifications (most common):

 * 0-2 years of experience in Security Operations
 * Basic understanding of networking (the OSI (Open Systems Interconnection)
   model or the TCP/IP (Transmission Control Protocol/Internet Protocol)
   model), operating systems (Windows, Linux), and web applications. To learn
   more about the OSI and TCP/IP models, refer to the Introductory Networking
   room.
 * Scripting/programming skills are a plus

Desired certification:

 * CompTIA Security+
   

As you progress and advance your skills as a Junior Security Analyst, you will
eventually move up to Tier 2 and Tier 3.

An overview of the Security Operations Center (SOC) Three-Tier Model:




Answer the questions below
What will be your role as a Junior Security Analyst?
Task 2 Security Operations Center (SOC)
So, what exactly is a SOC?




The core function of a SOC (Security Operations Center) is to investigate,
monitor, prevent, and respond to cyber threats around the clock (24/7). Per
McAfee's definition of a SOC, "Security operations teams are charged with
monitoring and protecting many assets, such as intellectual property, personnel
data, business systems, and brand integrity. As the implementation component of
an organization's overall cybersecurity framework, security operations teams
act as the central point of collaboration in coordinated efforts to monitor,
assess, and defend against cyberattacks". The number of people working in the
SOC varies with the size of the organization.


What is included in the responsibilities for the SOC?









Preparation and Prevention



As a Junior Security Analyst, you should stay informed of current cybersecurity
threats (Twitter and Feedly can be great resources for keeping up with
cybersecurity news). It's crucial to detect and hunt threats, work on a
security roadmap to protect the organization, and be ready for the worst-case
scenario.

Prevention methods include gathering intelligence data on the latest threats,
threat actors, and their TTPs (Tactics, Techniques, and Procedures). It also
includes the maintenance procedures like updating the firewall signatures,
patching the vulnerabilities in the existing systems, block-listing and
safe-listing applications, email addresses, and IPs. 

To better understand TTPs, look at one of CISA's (Cybersecurity &
Infrastructure Security Agency) alerts on APT40, a Chinese Advanced Persistent
Threat group. Refer to the following link for more information:
https://us-cert.cisa.gov/ncas/alerts/aa21-200a



Monitoring and Investigation 



A SOC team proactively uses SIEM (Security Information and Event Management)
and EDR (Endpoint Detection and Response) tools to monitor for suspicious and
malicious activity on the network and on endpoints. Imagine being a firefighter
responding to a multi-alarm fire: one-alarm, two-alarm and three-alarm fires
classify the seriousness of the fire, which in our case is the threat. As a
Security Analyst, you will learn to prioritize alerts by their level: Low,
Medium, High, and Critical. Naturally, you start at the highest level
(Critical) and work down to the Low-level alerts. Having properly configured
security monitoring tools in place gives you the best chance to mitigate the
threat.

Junior Security Analysts play a crucial role in the investigation procedure.
They triage the ongoing alerts by exploring and understanding how a given
attack works, and prevent harm where they can. During the investigation, it is
important to ask "How? When? Why?". Security Analysts find the answers by
drilling down into the logs and alerts, in combination with open-source tools
that we will have a chance to explore later in this path.

Response 

After the investigation, the SOC team coordinates and takes actions on the
compromised hosts, which involves isolating the hosts from the network,
terminating the malicious processes, deleting files, and more. 
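A small triage script illustrating the Monitoring, Investigation and Response
steps above. This is an added example, not code from the TryHackMe room: it
parses constructed alert lines in a hypothetical time|severity|source_ip|rule
format, orders the work queue Critical to Low as the text describes, groups
alerts by source IP, and proposes which IPs to escalate to Tier 2 and block on
the firewall. The line format, the sample alerts, the function names and the
High escalation threshold are all assumptions made for illustration.

```python
"""Alert triage for a Tier 1 analyst: parse alerts, order them Critical -> Low,
decide which source IPs to escalate to Tier 2 and block on the firewall.

Added example, not part of the TryHackMe room. The alert line format
(time|severity|source_ip|rule), the sample alerts and the escalation
threshold are all assumptions made for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# The four alert levels named in the room, ranked most urgent first.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Constructed sample alerts (hypothetical format: time|severity|source_ip|rule).
# One deliberately malformed line is included to show it being skipped.
SAMPLE_ALERTS = """\
2022-02-23T08:01:12|Low|10.0.0.5|Outbound DNS to unusual resolver
2022-02-23T08:02:45|High|203.0.113.44|Multiple failed SSH logins
2022-02-23T08:03:10|Medium|10.0.0.9|Port scan detected
not a valid alert line
2022-02-23T08:03:55|Critical|203.0.113.44|SSH login succeeded after brute force
2022-02-23T08:04:30|Low|10.0.0.5|Outbound DNS to unusual resolver
"""


@dataclass(frozen=True)
class Alert:
    time: str
    severity: str
    source_ip: str
    rule: str


def parse_alerts(text: str) -> list[Alert]:
    """Parse alert lines, skipping blank, commented or malformed ones."""
    alerts: list[Alert] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 3)
        # Malformed or unknown-severity lines are dropped rather than guessed at;
        # a real pipeline would log them for review.
        if len(parts) != 4 or parts[1] not in SEVERITY_RANK:
            continue
        time, severity, source_ip, rule = parts
        alerts.append(Alert(time, severity, source_ip, rule))
    return alerts


def triage_queue(alerts: list[Alert]) -> list[Alert]:
    """Work queue: Critical first, and within a level the oldest alert first."""
    return sorted(alerts, key=lambda a: (SEVERITY_RANK[a.severity], a.time))


def escalation_candidates(alerts: list[Alert], escalate_at: str = "High") -> dict[str, list[Alert]]:
    """Group alerts by source IP and keep the IPs with at least one alert at
    `escalate_at` severity or worse: the cases a Tier 1 analyst tickets and
    hands to Tier 2 rather than closing alone. Each group is returned triaged."""
    by_ip: dict[str, list[Alert]] = defaultdict(list)
    for alert in alerts:
        by_ip[alert.source_ip].append(alert)
    threshold = SEVERITY_RANK[escalate_at]
    return {
        ip: triage_queue(group)
        for ip, group in by_ip.items()
        if min(SEVERITY_RANK[a.severity] for a in group) <= threshold
    }


def firewall_block_list(alerts: list[Alert], escalate_at: str = "High") -> list[str]:
    """Source IPs proposed for a firewall block, sorted so the ticket is stable."""
    return sorted(escalation_candidates(alerts, escalate_at))


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    for alert in triage_queue(parsed):
        print(f"{alert.severity:<8} {alert.time} {alert.source_ip:<14} {alert.rule}")
    for ip, group in escalation_candidates(parsed).items():
        print(f"Escalate {ip} to Tier 2: {len(group)} alert(s), worst {group[0].severity}")
    print("Block on firewall:", firewall_block_list(parsed))
```

Lowering `escalate_at` widens the set of IPs that get escalated and blocked, so
the threshold is the knob a team tunes between noise and missed cases; the
low-severity internal hosts in the sample stay out of the block list at the
default threshold, which is the intended behaviour for a Tier 1 first pass.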

Answer the questions below
Read the above.
Task 3 A day in the life of a Junior (Associate) Security Analyst
View Site




To understand the job responsibilities for a Junior (Associate) Security
Analyst, let us first show you what a day in the life of the Junior Security
Analyst looks like and why this is an exciting career journey.



Being on the front line is not always easy and can be very challenging, as you
will work with various log sources from different tools that we will walk you
through in this path. You will monitor network traffic, including IPS
(Intrusion Prevention System) and IDS (Intrusion Detection System) alerts,
review suspicious emails, extract forensic data to analyze and detect potential
attacks, and use open-source intelligence to make the appropriate decisions on
alerts.

One of the most exciting and rewarding things is finishing work on an incident
and having remediated the threat. Incident response might take hours, days, or
weeks; it all depends on the scale of the attack: did the attacker manage to
exfiltrate data? How much data did the attacker manage to exfiltrate? Did the
attacker attempt to pivot to other hosts? There are many questions to ask and
a lot of detection, containment, and remediation to do. We will walk you
through the fundamental knowledge every Junior (Associate) Security Analyst
needs in order to become a successful network defender.


The first thing almost every Junior (Associate) Security Analyst does on their
shift is to look at the tickets to see if any alerts got generated.


Are you ready to immerse yourself in the role of a Junior Security Analyst for
a little bit?

Answer the questions below
Click on the green View Site button in this task to open the Static Site Lab and
navigate to the security monitoring tool on the right panel to try to identify
the suspicious activity.

What was the malicious IP address in the alerts?



To whom did you escalate the event associated with the malicious IP address?



After blocking the malicious IP address on the firewall, what message did the
malicious actor leave for you?



Copyright TryHackMe 2018-2022, 128 City Road, London, EC1V 2NX
