Preparation is the first room in the Incident Response learning path within the TryHackMe learning platform.
The learning path consists of the following rooms:
- Preparation
- Identification & Scoping
- Threat Intel & Containment
- Eradication & Remediation
- Lessons Learned
- Tardigrade
In this post I will be walking through Identification & Scoping.
Task 1: Introduction
Question 1: No answer needed.
Task 2: Identification: Unearthing the Existence of a Security Incident
Question 1: What is the Subject of Ticket#2023012398704232?
Follow the directions in the reading to dismiss all the Windows Office warnings. Once Outlook opens on the VM, scroll down the inbox to the first message from John Sterling; that’s the one with the correct ticket number from the question. In the message thread, scroll to the first message and you will see the ticket information, including the subject.
Answer: weird error in outlook