Advent of Cyber 2024 [ Day 2] Writeup with Answers | TryHackMe Walkthrough
Karthikeyan Nagaraj
Penetration Tester | Secured NASA, Oxford, Drexel, and 15+ Government Organisations | Co-Lead Defcon Local Chapter | Speaker
Welcome to TryHackme — Advent of Cyber 2024
Event Link:
More log-on attempts? Could this be a hack? It looks like The glitch, with a brute force attack
Confusion then reigned, with “hmms” and head scratches, it seems that applied….were security patches???
Using the SOC Superpower
The SOC has a superpower. When they are unsure whether an activity is performed by a malicious actor or a legitimate user, they can just confirm with the user. This privilege is not available to the attacker. A SOC analyst, on the other hand, can just send an email or call the relevant person to get confirmation of a certain activity. In mature organisations, any changes that might trigger an alert in the SOC often require Change Requests to be created and approved through the IT change management process. Depending on the process, the SOC team can ask the users to share Change Request details for confirmation. Surely, if it is a legitimate and approved activity, it must have an approved Change Request.
Task 8: One man’s false positive is another man’s potpourri.
1. What is the name of the account causing all the failed login attempts?
We can find this under the user name column....
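The triage described above, counting failed logons per account and then checking whether the burst falls inside an approved change window before raising it with the user, as an added Python example. This is not code from the writeup or the room: the log line layout, the account names, the timestamps and the change-request ticket IDs are all constructed placeholders.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample logon events for illustration only; the field layout is
# an assumption, not the format of the room's SIEM data.
SAMPLE_LOGS = [
    "2024-12-01T23:58:10Z host=web01 event=logon outcome=failure user=service_admin src=10.0.0.5",
    "2024-12-01T23:58:41Z host=web01 event=logon outcome=failure user=service_admin src=10.0.0.5",
    "2024-12-01T23:59:12Z host=web01 event=logon outcome=failure user=service_admin src=10.0.0.5",
    "2024-12-02T00:01:03Z host=web01 event=logon outcome=failure user=service_admin src=10.0.0.5",
    "2024-12-02T00:02:55Z host=web01 event=logon outcome=success user=service_admin src=10.0.0.5",
    "2024-12-02T00:03:20Z host=web01 event=logon outcome=failure user=service_admin src=10.0.0.5",
    "2024-12-02T14:10:00Z host=web02 event=logon outcome=failure user=alice src=10.0.0.21",
    "2024-12-02T14:10:09Z host=web02 event=logon outcome=failure user=alice src=10.0.0.21",
    "2024-12-02T14:10:30Z host=web02 event=logon outcome=success user=alice src=10.0.0.21",
]

# Constructed approved change windows: (ticket id placeholder, start, end).
# In practice this would be pulled from the change-management system.
CHANGE_WINDOWS = [
    ("CR-PLACEHOLDER-0001", datetime(2024, 12, 1, 23, 30), datetime(2024, 12, 2, 0, 30)),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=logon outcome=(?P<outcome>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_logon_events(lines):
    """Parse lines in the assumed layout into dicts; unrelated lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def failed_logons_by_user(lines):
    """Count failed logon attempts per account (the 'user name column' view)."""
    return Counter(ev["user"] for ev in parse_logon_events(lines) if ev["outcome"] == "failure")


def top_failing_account(lines):
    """Return (user, failure_count) for the noisiest account, or None if no failures."""
    counts = failed_logons_by_user(lines)
    if not counts:
        return None
    return counts.most_common(1)[0]


def covering_change_request(ts, windows=CHANGE_WINDOWS):
    """Return the ticket id of an approved change window containing ts, else None."""
    for ticket, start, end in windows:
        if start <= ts <= end:
            return ticket
    return None


def triage(lines, windows=CHANGE_WINDOWS):
    """Per account: failures, the change request covering them (if any), and
    how many failures fall outside every approved window and so need follow-up
    with the user."""
    per_user = defaultdict(
        lambda: {"failures": 0, "covered_by_change_request": None, "uncovered_failures": 0}
    )
    for ev in parse_logon_events(lines):
        if ev["outcome"] != "failure":
            continue
        entry = per_user[ev["user"]]
        entry["failures"] += 1
        ticket = covering_change_request(ev["ts"], windows)
        if ticket:
            entry["covered_by_change_request"] = ticket
        else:
            entry["uncovered_failures"] += 1
    return dict(per_user)


if __name__ == "__main__":
    print("Noisiest account:", top_failing_account(SAMPLE_LOGS))
    for user, summary in triage(SAMPLE_LOGS).items():
        print(user, summary)
```

With the constructed data, service_admin produces the failures, but every one of them sits inside the placeholder change window, so the analyst's next step is to ask the requester for the ticket details rather than treat it as an attack; alice's two failures have no covering window and are the ones to confirm directly with the user.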