
THM Advent of Cyber - Day 1

And here we go! The first day revolves around Frameworks and gives us a simple overview of the few available frameworks that deal with cybersecurity events, with links to the more in-depth rooms covering each one on TryHackMe.

Since the competition rules prohibit sharing the actual answers to the questions, I shall follow them, but I’ll see what I can do in terms of writing out the steps that’ll lead to the end. But first, let’s start by watching the embedded video by John Hammond, which goes over the general information regarding the event and ends with a walkthrough of the first task.

Who is the adversary that attacked Santa’s network this year?

Finally, it’s time to open up the mock website and get cracking on the task. The first part is using the clues to help build the Unified Kill Chain cycles out of the puzzle pieces, which is pretty easily done, even if the pieces not fitting the board may seem a little confusing at first.

The next part of the puzzle follows the same formula, focusing on the second cycle of the attacker gaining more access and privileges to the assets within the network. The final part, Out, goes the same way again, making sure we learn to understand the impact on Confidentiality, Integrity and Availability (CIA Triad).

After putting all the pieces in the right places we get to know the identity of the culprit who attacked the webstore, and…

What’s the flag that they left behind?

…we also get the flag for the second question, somewhat funnily in the wrong order.

But that’s the first day done, giving us a nice overview of the basics of how SOCs operate when dealing with security events.

This post is licensed under CC BY 4.0 by the author.