Understand what offensive and defensive security are, and learn about the careers available in cyber. Intro to Offensive Security Room | Intro to Defensive Security Room | Careers in Cyber Room

Cyber Rey
5 min read · Feb 15, 2024

Intro to Offensive Security TryHackMe Walkthrough

Task 1 What is Offensive Security?

Offensive security is the process of breaking into computer systems, exploiting software bugs, and finding loopholes in applications to gain unauthorized access. It involves simulating a hacker’s actions to find vulnerabilities in a system.

On the other hand, defensive security is the process of protecting an organization’s network and computer systems by analyzing and securing them against potential digital threats. In these defensive cyber roles, individuals investigate infected computers or devices, track down cybercriminals, and monitor infrastructure for malicious activity.

Which of the following options better represents the process where you simulate a hacker’s actions to find vulnerabilities in a system?

  • Offensive Security
  • Defensive Security

Task 2 Hacking your first machine

Hack your first website (legally in a safe environment) and experience an ethical hacker’s job.

Setting up: Connect to the TryHackMe VM via the “Start Machine” button, or connect to the machine from your own system via OpenVPN.

This task provides instructions on hacking a fake bank application called FakeBank using a command-line application called “GoBuster” to find hidden directories and pages. The goal is to find a secret bank transfer page and transfer $2000 from one account to another.

  • Click the “Start Machine” button to access a virtual machine for hacking FakeBank.
  • Open a terminal on the virtual machine to interact with the computer.
  • Use the GoBuster command-line application to brute-force FakeBank’s website and find hidden directories and pages. Command used: gobuster -u http://fakebank.com -w wordlist.txt dir. GoBuster will show the output, indicating the pages it found on the website.
  • Identify a secret bank transfer page (/bank-transfer) that allows money transfer between accounts at the bank.
  • Use the hidden page on the FakeBank website to transfer $2000 from bank account 2276 to account 8881.

If your transfer was successful, you should now be able to see your new balance reflected on your account page. Go there now and confirm you got the money! (You may need to hit Refresh for the changes to appear)

Above your account balance, you should now see a message indicating the answer to this question. Can you find the answer you need?

If you were a penetration tester or security consultant, this is an exercise you’d perform for companies to test for vulnerabilities in their web applications: finding hidden pages and investigating them for vulnerabilities.
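Seen from the defender’s side, the GoBuster run above leaves a very recognisable trace in the web server’s access log: one client producing a burst of 404s in a short window, followed by a 200 on the page it finally guessed. The following is an added example (not part of the room or the original post) that parses constructed Apache/Nginx combined-format log lines and flags clients whose 404 rate exceeds a per-IP sliding-window threshold, recording what they went on to find; the IPs, timestamps and threshold values are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (combined format), not real traffic.
# 10.10.14.7 walks a wordlist (many 404s) until it hits /bank-transfer;
# 192.168.1.20 is an ordinary browser with a single harmless 404.
SAMPLE_LOG = """\
10.10.14.7 - - [15/Feb/2024:10:01:00 +0000] "GET /admin HTTP/1.1" 404 162 "-" "gobuster/3.6"
10.10.14.7 - - [15/Feb/2024:10:01:00 +0000] "GET /backup HTTP/1.1" 404 162 "-" "gobuster/3.6"
10.10.14.7 - - [15/Feb/2024:10:01:01 +0000] "GET /config HTTP/1.1" 404 162 "-" "gobuster/3.6"
10.10.14.7 - - [15/Feb/2024:10:01:01 +0000] "GET /test HTTP/1.1" 404 162 "-" "gobuster/3.6"
10.10.14.7 - - [15/Feb/2024:10:01:02 +0000] "GET /bank-transfer HTTP/1.1" 200 2310 "-" "gobuster/3.6"
192.168.1.20 - - [15/Feb/2024:10:01:03 +0000] "GET /account HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
192.168.1.20 - - [15/Feb/2024:10:01:09 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, path, status) or None if the line is not combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def detect_enumeration(log_text, max_404s=3, window_seconds=60):
    """Flag clients with more than max_404s 'not found' responses inside any
    window_seconds span. Returns {ip: [paths that returned 200 after the burst]}."""
    recent_404s = defaultdict(list)   # ip -> timestamps of 404s still inside the window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        if status == 404:
            kept = [t for t in recent_404s[ip] if (ts - t).total_seconds() <= window_seconds]
            recent_404s[ip] = kept + [ts]
            if len(recent_404s[ip]) > max_404s:
                flagged.setdefault(ip, [])
        elif status == 200 and ip in flagged:
            flagged[ip].append(path)  # the resource the scanner actually discovered
    return flagged
```

In a real deployment the same logic would run over the live log stream, and the discovered paths tell you which "hidden" resources need proper access control rather than obscurity.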

Task 3 Careers in cyber security

The different roles in the field of offensive security include: Penetration Tester, Red Teamer, and Security Engineer. The Cyber Careers Room provides more in-depth information about these careers.

Intro to Defensive Security TryHackMe Walkthrough

Introducing defensive security and related topics, such as threat intelligence, SOC, DFIR, and SIEM.

Introduction to Defensive Security

Offensive security involves breaking into systems through exploits and vulnerabilities, while defensive security focuses on preventing and responding to intrusions.

Defensive security tasks include:

  • User awareness,
  • Asset management,
  • System updating and patching,
  • Setting up preventative security devices, and
  • Implementing logging and monitoring.
  • Others include Security Operations Center (SOC), Threat Intelligence, Digital Forensics and Incident Response (DFIR), and Malware Analysis.

Which team focuses on defensive security?

Areas of Defensive Security

Security Operations Center (SOC) monitors the network for cyber security events, such as vulnerabilities, policy violations, unauthorized activity, and network intrusions.

Threat intelligence involves gathering and analyzing data to prepare against future threats.

Digital Forensics and Incident Response (DFIR): There are 3 components to this:

  1. Digital forensics investigates crimes and analyzes evidence, while incident response handles data breaches and cyber-attacks.
  2. The incident response process includes preparation, detection and analysis, containment and recovery, and post-incident activities.
  3. Malware analysis involves examining malicious programs (viruses, Trojan horses, ransomware, etc.) through static or dynamic analysis methods to understand how they operate.

What would you call a team of cyber security professionals that monitors a network and its systems for malicious events?

What does DFIR stand for?

Which kind of malware requires the user to pay money to regain access to their files?

Practical Example of Defensive Security

  • Access the SIEM Dashboard and Check the “Alert Log” for any alerts highlighted in red
  • Copy the IP address (143.110.250.149) associated with the alert and search for it on open-source databases such as AbuseIPDB or Cisco Talos Intelligence to determine its reputation and location
  • Select a person to escalate the incident to
  • Add the malicious IP address to the firewall block list
  • Confirm that a flag has appeared
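The steps above (read the red alerts, check the source IP’s reputation, escalate, block) are exactly what a SOC analyst automates first. The following is an added example, not part of the room or the original post: it triages a constructed JSON-lines export of a SIEM alert log against a constructed, offline stand-in for an AbuseIPDB-style reputation lookup, refuses to put internal addresses on the perimeter block list, and renders the block decisions as iptables rules. The alert format, the REPUTATION table and the 80% threshold are assumptions made for the example; only the 143.110.250.149 address comes from the room.

```python
import ipaddress
import json

# Constructed SIEM alert export (one JSON object per line), standing in for the room's "Alert Log".
SAMPLE_ALERTS = """\
{"severity": "high", "src_ip": "143.110.250.149", "event": "Multiple failed logins then success"}
{"severity": "low", "src_ip": "10.0.0.25", "event": "Port scan (internal vuln scanner)"}
{"severity": "high", "src_ip": "10.0.0.42", "event": "Outbound beacon to unknown host"}
"""

# Constructed offline stand-in for an AbuseIPDB / Talos lookup; real tooling would call the API.
REPUTATION = {
    "143.110.250.149": {"abuse_confidence": 95, "country": "US", "reports": 120},
}

def lookup_reputation(ip):
    """Return the reputation record for ip, or a neutral record if it is unknown."""
    return REPUTATION.get(ip, {"abuse_confidence": 0, "country": "?", "reports": 0})

def triage(alert_text, block_threshold=80):
    """Return one decision dict per red (high severity) alert: block or escalate."""
    decisions = []
    for line in alert_text.splitlines():
        alert = json.loads(line)
        if alert["severity"] != "high":
            continue                      # only red alerts are in scope for this pass
        ip = ipaddress.ip_address(alert["src_ip"])
        if ip.is_private:
            # An internal source is an incident, not a firewall entry: hand it to a human.
            decisions.append({"ip": str(ip), "action": "escalate", "reason": "internal host"})
            continue
        rep = lookup_reputation(str(ip))
        if rep["abuse_confidence"] >= block_threshold:
            reason = f"abuse confidence {rep['abuse_confidence']}% ({rep['reports']} reports, {rep['country']})"
            decisions.append({"ip": str(ip), "action": "block", "reason": reason})
        else:
            decisions.append({"ip": str(ip), "action": "escalate", "reason": "no reputation hit"})
    return decisions

def blocklist_rules(decisions):
    """Render block decisions as iptables DROP rules (example output format)."""
    return [f"iptables -A INPUT -s {d['ip']} -j DROP" for d in decisions if d["action"] == "block"]
```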

Careers in Cyber

Learn about the different careers in cyber security

Cyber security careers are in high demand and offer high salaries, with various roles including offensive pen-testing and defensive security. This room provides information and learning paths for individuals to break into the field and build their skills.

To get started, here are some Beginner Friendly TryHackMe learning path(s): Introduction to Cyber Security, Pre-Security, Complete Beginner, Web Fundamentals

Task 2: Security Analyst

Security Analysts are responsible for analyzing the cybersecurity of a company, compiling reports on network safety, and developing security plans. They work with stakeholders to understand security requirements.

TryHackMe learning path(s): Cyber Defense, SOC Level 1, SOC Level 2, CompTIA Pentest+

Task 3: Security Engineer

Security engineers develop and implement security solutions using threat and vulnerability data. They work on preventing various types of attacks, such as web application attacks and network threats, while also staying updated on evolving trends and tactics. The main objective is to establish and adopt security measures to minimize the risk of attacks and data loss.

Responsibilities include testing and evaluating security measures in software, monitoring networks to identify vulnerabilities and update systems accordingly, and implementing necessary systems for optimal security.

TryHackMe learning path(s): Security Engineer, Cyber Defense, CompTIA Pentest+, Jr Penetration Tester, and Offensive Pentesting.

Task 4: Incident Responder

Incident Responders create plans and protocols for organizations to follow during security breaches, maintain security best practices, and prepare for future attacks.

TryHackMe learning path(s): Cyber Defense

Task 5: Digital Forensics Examiner

Digital Forensics Examiners collect and analyze digital evidence to help solve crimes or defend a company’s network. This involves following legal procedures, analyzing digital evidence, and documenting and reporting your findings.

Task 6: Malware Analyst

A malware analyst analyzes suspicious programs, discovers their actions, and reports their findings. They are also called reverse engineers, as they convert compiled programs from machine language back into readable code. This job requires strong programming skills, especially in low-level languages like assembly and C.

The goal is to learn about the activities of malicious programs, detect them, and report them. Responsibilities include static analysis, dynamic analysis, and documentation.

Task 7: Penetration Tester

Penetration Testers, also known as pentesters and ethical hackers, test the security of systems and software by attempting to uncover vulnerabilities and recommend actions for prevention.

TryHackMe learning path(s): Jr Penetration Tester, Offensive Pentesting, Red Teaming, CompTIA Pentest+

Task 8: Red Teamer

Red teamers are similar to penetration testers, but with a more focused role. Penetration testers find vulnerabilities in systems to improve cyber defense, while red teamers test a company’s ability to detect and respond to attacks. This involves mimicking cyber criminals, launching malicious attacks, maintaining access, and avoiding detection.

Red team assessments can last up to a month and are usually conducted by an external team.

TryHackMe learning path(s): Red Teaming, Jr Penetration Tester, Offensive Pentesting, CompTIA Pentest+


Cyber Rey

Technophile | Woman in Cybersecurity | Cybersecurity Awareness Advocate!