TryHackMe Walkthrough – Incident Response – Identification & Scoping

Preparation is the first room in the Incident Response learning path within the TryHackMe learning platform.

The learning path consists of the following rooms:

  • Preparation
  • Identification & Scoping
  • Threat Intel & Containment
  • Eradication & Remediation
  • Lessons Learned
  • Tardigrade

In this post I will be walking through Identification & Scoping.

Task 1: Introduction

Question 1: No answer needed.

Task 2: Identification: Unearthing the Existence of a Security Incident

Question 1: What is the Subject of Ticket#2023012398704232?

Follow the directions in the reading to dismiss all the Windows Office warnings. Once Outlook opens on the VM, scroll down the inbox to the first message from John Sterling; that is the one with the ticket number from the question. In the message thread, scroll to the first message and you will see the ticket information, including the subject.

Answer: weird error in outlook


TryHackMe Walkthrough – Incident Response – Preparation

Preparation is the first room in the Incident Response learning path within the TryHackMe learning platform.

The learning path consists of the following rooms:

  • Preparation
  • Identification & Scoping
  • Threat Intel & Containment
  • Eradication & Remediation
  • Lessons Learned
  • Tardigrade

In this post I will walk through the Preparation room.

Task 1: Introduction

Question 1: No answer needed

Task 2: Incident Response Capability

Question 1: What is an observed occurrence within a system?

The answer is in the reading. Look at the first bullets in this task.

Answer: Event

Question 2: What is described as a violation of security policies and practices?

This answer is also in the reading, in the same place as question 1.

Answer: Incident
