Chaotic Security Blog

  • Working through my SOC Level 1 training, I reviewed some different Threat Intelligence tools. This covered some of the Open-Source Intelligence Tools (OSINT) available on the internet, of which there are tons. You would use things like VirusTotal or AbuseIPDB to track malicious files and IP addresses daily in triage alerts to determine whether they are related to a malicious party.
  • Learning more about exploitation with the Web Hacking modules!

    These items cover more about how websites and web requests work, so they cover web request methods and response codes. They also cover how JavaScript and SQL queries work and can be exploited.

    It then explains how to use Burp Suite’s basic features for web request intercepts and redirects that an attacker could perform.

    Lastly, it goes through the OWASP Top 10, and while this course is older (for 2021), many of the vulnerabilities are still in the top ten, like command injections and server-side request forgery. So, it’s still good to review OWASP to learn the latest exploits for web applications.
  • Working my way down, I learned about Exploitation today. This is a bit more Red Team stuff, but it is still great information as it gives you insight into tools and techniques that an attacker may use.

    So in this module, I learned about a well-known exploration tool, Metasploit.

    Metasploit is a suite of tools that allows you to explore a system in almost all types. You can use it for discovery, enumeration, built-in exploits and payloads, and more. It is a tool that is designed to allow you to penetrate systems. The tools are easy to search for, but depending on the system you are attempting to exploit, they may not always be easy to use. So it takes a bit of finesse to learn the tool, but if you do, it opens a world of possibilities.
  • Continuing down the Cybersecurity 101 path, I worked on the Cryptography module over the last few days. This module discussed different types of cryptography at a basic level. It includes information about hashing and also teaches the basics of using John the Ripper to run a dictionary attack on a weak password.
  • After working through the many modules, I finished the Networking module for the Cybersecurity 101 learning path. There were many different things here, such as going over basic TCP/IP and the OSI model. Then it got into network traffic and network protocols like TLS and SSH. From there, it moves into network monitoring tools like Wireshark, which can analyze packets going across a network. It also provides the basics of using Nmap for port enumeration, service discovery, and more. It was a good review of networking items, as it has been a while since I looked at them.
  • Worked through the Cyber Defense Frameworks section and learned a lot about different security frameworks like the Cyber Kill Chain, the Diamond Model, and the Unified Kill Chain. It also got into learning about the MITRE ATT&CK frameworks and site.
  • While I have been reviewing the Cybersecurity 101 modules on TryHackMe.com, I have also been working on the SOC Level 1 modules, which give you training and details on how to work in a SOC. This includes things like Cyber Frameworks, Traffic Analysis, SIEMs, and a lot more.
  • Worked with some Windows Fundamentals today. Windows is still one of the most used OSes out there, and being the most used also means the most often exploited for cyberattacks. This takes some basics of the Windows system but also gives a basic overview of Active Directory.
  • I walked through some Linux fundamentals today. Linux seems to come up a lot in relation to cybersecurity, as many tools work in Linux regarding EDRs or firewalls, so knowing how to navigate Linux is essential.
  • As they updated the pre-security modules for the new Cybersecurity modules on TryHackMe.com, I decided to go back through them as they added some new modules to the list as well.