Chaotic Security Blog

  • Worked my way through Cyber Threat Intelligence on TryHackMe. Cyber Threat Intelligence combines both paid and open-source materials to help you track active cyber threats and get details on IOCs and APTs. Learning to use tools like Yara to help write and configure rules for both IDS/IPS systems. A good foundation for help with threat hunting and resolution.
  • Started working on the TryHackMe SOC Level 1 learning path. It begins with a solid foundation in Cyber Defense Frameworks. So here you can go through various methods like the Cyber Kill Chain and the Diamond Model, learn about the MITRE ATT&CK framework, and put those skills to use in a few challenges.
  • Completed the CyberSecurity 101 learning path on TryHackMe! There is a lot of great information in this section, and even now, I want to review a lot of it and look forward to getting started working on the SOC Level 1 learning path next.
  • Completed a section related to Security Solutions. This covers some fundamental items, like Firewalls, Intrusion Detection Systems, and a bit of Vulnerability Scanning.
  • Walked through another section for TryHackMe. This one was related to Defensive Security. So it covers some of the basics of SOC, Digital Forensics, Incident Response, and Logs. These are some of the core items that you will encounter when working in the field, and knowing how to quickly and accurately access and work with them will take you a long way.
  • Picked up some details on a tool that can be used for SQL injection attacks in the module SQLmap. SQLmap is a tool that allows you to take a URL and run it through to see if it can be exploited for various types of SQL injection attacks. So if the web portal does not properly sanitize the web inputs or form inputs, you can exploit the vulnerability in them, which can cause the system to grant access to an unauthorized party.
  • Working on the Shell Overview, as this section got into the different types of shells that can be used for exploitation. It works its way through reverse shells, bind shells, web shells, and how to set up a shell listener. It shows how you can use applications like b374k shell to set up a reverse shell that can gain you access to a web application. From there you can attempt privilege escalation to gain more access to the web system for exploitation.
  • Finished up learning a little about Hydra via the TryHackMe.com site. An interesting password cracking tool. I would say I am more blue team than red, but it was good to see it in action, so if you see those items pop up in a web log you know that is being attempted.
  • Working through some of the offensive tools rooms on TryHackMe.com.

    Today I learned about some of the basics of the file enumeration tool Gobuster. It allows you to suss out online file repositories and even try to find exposed hidden files and folders online. Another good tool if you are doing penetration testing to find out if any resources are exposed and can be exploited.
  • Learned a bit about Yara today in the Yara room on TryHackMe.com. Yara is a language that is used quite a bit in the creation of rules and data related to cyber threats. Many networking appliances such as firewalls and endpoint detection systems can be configured with Yara rules to help detect threats based on certain types of actions or changes. This makes detecting attacks even faster, as these rules are pre-written and can just be added to an existing setup to start detecting and blocking threats right away.