Posts

Showing posts from June, 2025

TryHackMe - Volt Typhoon challenge (medium level)

Introduction

I’m publishing today a walkthrough of the new TryHackMe room named “Volt Typhoon”, where you’re supposed to investigate a suspected intrusion by the notorious APT group Volt Typhoon.

What is Volt Typhoon?

Volt Typhoon – also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite, and Insidious Taurus – is a state-supported Chinese cyber operation that has compromised thousands of internet-connected devices.

How does it work?

Volt Typhoon works by exploiting vulnerabilities in small and end-of-life routers, firewalls and virtual private networks (VPNs), often using administrator credentials and stolen passwords, or taking advantage of outdated technology that hasn’t received regular security updates – key weaknesses identified in US digital infrastructure.

In this challenge, we, as security analysts, need to investigate the intrusion carried out by Volt Typhoon by retracing their steps over vario...

TryHackMe - Hunt Me 2 Typo Squatters

This is the second blue-team room related to SOC L2. We have to use all the materials and information learned in the previous warm-up tasks linked below.

Tools: Elastic
Level: Medium

All the details you need are in the video :D I hope you enjoy this challenge!!

TryHackMe Boogeyman 3 challenge

Introduction: Due to the previous attacks of the Boogeyman, Quick Logistics LLC hired a managed security service provider to handle its Security Operations Center. Little did they know, the Boogeyman was still lurking and waiting for the right moment to return. In this room, you will be tasked to analyse the new tactics, techniques, and procedures (TTPs) of the threat group named Boogeyman.

This room may require the combined knowledge gained from the SOC L1 Path. We recommend going through the following rooms before attempting this challenge: Sysmon, ItsyBitsy, and Investigating with ELK.

Thank you for watching, I hope you enjoy!!

TryHackMe Boogeyman 2 challenge

Introduction: After having suffered a severe attack from the Boogeyman, Quick Logistics LLC improved its security defences. However, the Boogeyman returns with new and improved tactics, techniques and procedures.

Prerequisites: This room may require the combined knowledge gained from the SOC L1 Path. We recommend going through the following rooms before attempting this challenge: Phishing Analysis Fundamentals, Phishing Analysis Tools, and Boogeyman 1.

Tools:
Volatility — an open-source framework for extracting digital artefacts from volatile memory (RAM) samples.
Olevba — a tool for analysing and extracting VBA macros from Microsoft Office documents. This tool is also part of the Oletools suite.

I hope you enjoy this challenge together with me!!

TryHackMe - Hunt Me 1 Payment Collectors

Introduction and Scenario: On Friday, September 15, 2023, Michael Ascot, a Senior Finance Director from SwiftSpend, was checking his emails in Outlook and came across an email appearing to be from Abotech Waste Management regarding a monthly invoice for their services. Michael actioned this email and downloaded the attachment to his workstation without thinking.

Thanks for your attention, I hope that you are enjoying this challenge!