TryHackMe Walkthrough – Incident Response – Identification & Scoping

Preparation is the first room in the Incident Response learning path within the TryHackMe learning platform.

The learning path consist of the following rooms:

  • Preparation
  • Identification & Scoping
  • Threat Intel & Containment
  • Eradication & Remediation
  • Lessons Learned
  • Tardigrade

In this post I will be walking through Identification & Scoping.

Task 1: Introduction

Question 1: No answer needed.

Task 2: Identification: Unearthing the Existence of a Security Incident

Question 1: What is the Subject of Ticket#2023012398704232?

Follow the directions in the reading to dismiss all the Windows Office warnings. Once outlook opens on the VM scroll down the inbox to the first message from John Sterling that’s the one with the correct ticket number from the question. In the message thread scroll to the first message and you will see the ticket information including the subject.

Answer: weird error in outlook

Continue reading TryHackMe Walkthrough – Incident Response – Identification & Scoping