In this post I’d like to talk a bit about TryHackMe and my experience working through the SOC Level 1 learning path.
TryHackMe is a learning platform that sends users to virtual machines (VM) they can access through their web browser. Extremely low barrier to entry! Absolutely no previous knowledge is required. I’m not sponsored and TryHackMe did not ask me to write this.
I’m a big fan of theirs. I think the learning paths and rooms (think learning modules) are fantastic hands-on learnings! I learned
Cyber Defense Frameworks
Cyber Threat Intelligence
Network Security and Traffic Analysis
Endpoint Security Monitoring
Security Information and Event Management (SIEM)
Digital Forensics and Incident Response
Each room walks the learner through hands-on learning. I learned all these tools:
linux (a lot!)
And even more! It’s a great platform. As of this writing it is $14 a month. If you’re not going to use it, don’t sign up, but if you really want to learn these tools and more it’s a great place to get started. You can spend as much time as you want learning these tools in real environments. You can’t break anything because it’s all VMs that start fresh each time the are launched. Getting the chance to work on these environments without setting up all these VMs is a huge time savings.
If you want to play around in there for free you can do that too. There is plenty of free content to get started with and see if you want to pay for the premium rooms and features. It’s worth checking out.
I received this email this morning and I thought it would be a great example to point out the issues in the email that flag it as a phishing email.
Alright, here we have Jr. emailing us regarding an invoice. Two things off the bat, I’m not expecting anything from someone named Jr. and I have no idea what invoice I should be expecting. The last name Hade is not familiar to me. Next this attacker used Hello and Dear right after each other. This isn’t done. Then instead of using Jason to address me he uses my email address. Next looking at the attached PDF file name, which you should never open or download, the file name is just gibberish. The attacker didn’t even go to the bother of naming it “invoice” or anything that would make more sense. If we keep looking we see that their email is gibberish too and its from a gmail domain, who does legit business with a gmail address and not a real domain like bestbuy.com or something are slim.
Okay, so I know this is a phishing attempt, but what do I do with it? I could just delete it, but that doesn’t flag as something that gmail can research and prevent other users from getting this message. I could report spam, but it’s worse than just an unsolicited marketing email. This thing is malicious, so let’s see what gmail suggest.
Okay so I click on The three dots near reply and I can submit a phishing attempt.
After clicking on the message we get a pop-up that says…
And the email is removed from my inbox. We’re done. Great job and keep vigilant, Always be suspicious!