The video introduces the TryHackMe SOC (Security Operations Center) Simulator, focusing on its real-world attack simulation capabilities. The tutorial walks through handling alerts, investigating cyberattacks, analyzing events, and writing case reports. This session specifically covers the "Phishing Unfolding" challenge; more challenges are promised in later videos.
****
Receive cyber security field notes, certification notes and special training videos
[ Link ]
Writeup
[ Link ]
******
Store
[ Link ]
Patreon
[ Link ]
Instagram
[ Link ]
Google Profile
[ Link ]
LinkedIn
[1]: [ Link ]
[2]: [ Link ]
Twitter
[ Link ]
Facebook
[ Link ]
****
00:00 Introduction to TryHackMe SOC Simulator
00:04 Overview of SOC Simulation Features
00:12 Using Tools like Splunk and Reporting Cases
00:22 Overview of the Phishing Unfolding Challenge
00:32 Getting Started with the SOC Simulator
00:47 Understanding SOC Tools and Documentation
01:01 Exploring the Analyst Workstation
01:28 Using Splunk for Alert Investigation
01:52 Alert Types and Their Classifications
02:33 Starting an Alert Investigation
04:04 Prioritizing Alerts by Severity
04:29 Example: Investigating a Suspicious Parent-Child Process
06:00 Taking Ownership of an Alert
07:04 Deep Dive into Suspicious DNS Queries
08:11 Investigating Parent Process IDs
09:08 Initial Theories on Data Exfiltration
09:55 Discovering PowerCat and NGROK Usage
10:39 Steps to Analyze and Contain the Incident
12:02 Writing the Case Report
14:46 Viewing Closed Alerts and Case Reports
15:16 Conclusion and Next Steps