TryHackMe #2 | Intro to Defensive Security
2 min read · Jun 1, 2024
Status : Easy

Important Lines :
- A firewall controls which network traffic can enter and which can leave a system or network.
- An IPS (Intrusion Prevention System) blocks any network traffic that matches its preset rules and attack signatures.
- A Security Operations Center (SOC) is a team of cyber security professionals that monitors the network and its systems to detect malicious cyber security events.
- Threat intelligence aims to gather information to help the company better prepare against potential adversaries.
- In defensive security, the focus of digital forensics shifts to analyzing evidence of an attack and its perpetrators and other areas such as intellectual property theft, cyber espionage, and possession of unauthorized content.
- Digital Forensics and Incident Response = DFIR
- Security Information and Event Management = SIEM
- An IP address is a logical address that allows you to communicate over the Internet.
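The notes above describe the pieces of a defensive toolchain (firewall, IPS rules, SIEM, threat intelligence) as separate definitions. The following is an added example, not part of the TryHackMe room or this write-up, that strings them together the way a SOC analyst would see them: firewall log lines are parsed, each source IP is checked against a threat-intelligence list, a simple IPS-style rule flags hosts touching many ports, and the result is a block list. All log lines, IP addresses (RFC 5737 documentation ranges) and threat-intel entries are constructed sample data; the log format and function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed threat-intelligence feed (indicator -> context). A real SOC
# would pull this from a vendor or community feed; these values are made up.
THREAT_INTEL: Dict[str, str] = {
    "203.0.113.42": "listed as a scanning host in a constructed sample feed",
}

# Assumed log format: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <firewall_action>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+(?P<action>\w+)$"
)

# Constructed sample firewall log: one host probing five ports, one normal
# HTTPS client, one host with two denied attempts, and one malformed line.
SAMPLE_LOGS: List[str] = [
    "2024-06-01T10:00:01Z 203.0.113.42 -> 10.0.0.5:22 allowed",
    "2024-06-01T10:00:02Z 203.0.113.42 -> 10.0.0.5:23 allowed",
    "2024-06-01T10:00:03Z 203.0.113.42 -> 10.0.0.5:80 allowed",
    "2024-06-01T10:00:04Z 203.0.113.42 -> 10.0.0.5:443 allowed",
    "2024-06-01T10:00:05Z 203.0.113.42 -> 10.0.0.5:8080 allowed",
    "2024-06-01T10:00:06Z 198.51.100.7 -> 10.0.0.5:443 allowed",
    "2024-06-01T10:00:07Z 198.51.100.7 -> 10.0.0.5:443 allowed",
    "2024-06-01T10:00:08Z 192.0.2.9 -> 10.0.0.5:21 denied",
    "2024-06-01T10:00:09Z 192.0.2.9 -> 10.0.0.5:25 denied",
    "garbage line that the parser should skip",
]


@dataclass(frozen=True)
class Event:
    ts: str
    src: str
    dst: str
    port: int
    action: str


def parse_line(line: str) -> Optional[Event]:
    """Turn one log line into an Event; malformed lines yield None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Event(m["ts"], m["src"], m["dst"], int(m["port"]), m["action"])


def port_scan_sources(events: List[Event], threshold: int = 5) -> Set[str]:
    """IPS-style rule: a source touching >= threshold distinct ports is flagged."""
    ports: Dict[str, Set[int]] = defaultdict(set)
    for e in events:
        ports[e.src].add(e.port)
    return {src for src, seen in ports.items() if len(seen) >= threshold}


def triage(lines: List[str]) -> List[dict]:
    """SIEM-style correlation: parse, enrich with threat intel, apply rules."""
    events = [e for e in map(parse_line, lines) if e is not None]
    alerts: List[dict] = []
    flagged: Set[str] = set()

    # Threat-intelligence enrichment: one alert per listed source, first hit wins.
    for e in events:
        if e.src in THREAT_INTEL and e.src not in flagged:
            flagged.add(e.src)
            alerts.append({"src": e.src, "rule": "threat-intel",
                           "detail": THREAT_INTEL[e.src], "action": "block"})

    # Behavioural rule, evaluated over the whole batch rather than per line.
    for src in sorted(port_scan_sources(events)):
        alerts.append({"src": src, "rule": "port-scan",
                       "detail": "many distinct destination ports", "action": "block"})
    return alerts


def blocklist(alerts: List[dict]) -> List[str]:
    """Collapse alerts into the set of sources the firewall should block."""
    return sorted({a["src"] for a in alerts if a["action"] == "block"})


if __name__ == "__main__":
    found = triage(SAMPLE_LOGS)
    for a in found:
        print(f"[{a['rule']}] {a['src']}: {a['detail']} -> {a['action']}")
    print("firewall block list:", blocklist(found))
```

The point of the structure is that the threat-intel check and the port-scan rule produce the same kind of alert, so the block decision at the end does not care which detector fired; in the room's practical task the analyst does this by hand (read the SIEM alert, look the IP up, then block it), and here the same three steps are just three functions.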
ANSWERS :
Task 01 : Introduction to Defensive Security
Question no 01 : Which team focuses on defensive security?
Answer : Blue Team
Task 02 : Areas of Defensive Security
Question no 01 : What would you call a team of cyber security professionals that monitors a network and its systems for malicious events?
Answer : Security Operations Center
Question no 02 : What does DFIR stand for?
Answer : Digital Forensics and Incident Response
Question no 03 : Which kind of malware requires the user to pay money to regain access to their files?
Answer : ransomware
Task 03 : Practical Example of Defensive Security
Question no 01 : What is the flag that you obtained by following along?
Answer : THM{THREAT-BLOCKED}
{ Try it yourself first }