Windows Incident Surface Solved🛡️TryHackMe Step-by-Step Walkthrough
Unlock the full Windows Incident Surface on TryHackMe! 🛡️ Follow this step-by-step walkthrough to solve challenges, boost your skills, and pass with confidence. Perfect for beginners and pros alike!

✅ Room: https://tryhackme.com/r/room/critical

00:00 Task 1: Introduction - Windows Incident Surface Solved🛡️TryHackMe Step-by-Step Walkthrough

00:12 Task 2, 3: Acquisite, Investigate, Hunt and Respond; Task 3: VM Environment and Your Incident Case

00:39 Task 4: Reliability of the System Tools

What tool did the adversary use to delete the logs?
wevtutil

What was the registry path used by the adversary to store and steal the login credentials?
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest

09:59 Task 5: System Profile

What is the hostname of the compromised host?
CCTL-WS-018-B21

What is the OS version of the compromised host?
10.0.17763

What is the Time ID of the compromised host?
Turkey Standard Time

11:30 Task 6: Users and Sessions

What is the total number of suspicious accounts?
3

What is the security identifier (SID) of the Guest account?
S-1-5-21-1966530601-3185510712-10604624-501

When was the last time the Admin account (the one with the deliberate typo) was logged in? Answer format: MM/DD/YY HH:MM:SS XM
2/28/2024 10:21:10 AM

15:37 Task 7: Network Scope

What is the name of the malicious process? Enter your answer in a defanged format.
INITIAL_LANTERN[.]exe

What is the directory path where the malicious process is located?
C:\Users\Administrator\AppData\SpcTmp\

What is the remote port used by the malicious process?
8888

What is the full path of the suspicious program for AnyDesk? Enter your answer in a defanged format.
D:\AnyDesk[.]exe

What port is used by the LMV Co. firewall rules?
5985

20:28 Task 8: Background Activities I: Startup and Registry

Which user account will be used to run the AnyDesk application?
Public

What is the value data stored in the "Userinit" key? Enter your answer in a defanged format.
C:\Windows\system32\userinit[.]exe, cmd[.]exe /c "start /min netsh[.]exe -c"

What is the name of the suspicious DLL linked under the netshell hive key?
.\fwshield.dll

24:05 Task 9: Background Activities II: Services and Scheduled Items

What is the name of the suspicious active service?
LMVCSS

What is the SHA256 value of the suspicious active service executable?
E9AA7564B2D1D612479E193A9F8CB70DF9CFBE02A39900EEE22FE266F5320EBF

What is the name of the non-running service that caught our attention?
aurora-agent

What is the SHA256 value of the non-running service executable?
D5C8BF2D3B56B21639D8152DB277DD714BA1A61BDAF2350BD0FF7E61D2A99003

What is the original filename of the non-running service executable? Enter your answer in a defanged format.
x3xv5weg[.]exe

32:03 Task 10: Background Activities III: Processes and Directories

What is the parent process name of the suspicious executable (INITIAL_LANTERN) process? Enter your answer in a defanged format.
services[.]exe

Which user name is used for the SSH connection attempts?
James

What is the parent process of the malicious aurora process? Enter your answer in a defanged format.
svchost[.]exe

What is the file name located in the default user's temp directory? Enter your answer in a defanged format.
jmp[.]exe

What is the name of the potential proxy script located in the suspicious non-default temp folder? Enter your answer in a defanged format.
Invoke-SocksProxy[.]psm1

What is the SHA256 value of the potential proxy script located in the suspicious non-default temp folder?
E7697645F36DE5978C1B640B6B3FC819E55B00EE8D9E9798919C11CC7A6FC88B

What is the label of the hidden disc volume?
Setups

39:40 Task 11 Conclusion