Another day, another challenge…
In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.
In our eighteenth challenge, we discovered that The Best Festival Company Infrastructure has been compromised! From the logs, we determined that Bandit Yeti was the likely culprit. Our job is to experiment with threat detection rules, learn how they work, and use them to determine how Bandit Yeti compromised the system.
The topic explored in this challenge is threat detection: analyzing activity for abnormal behaviour, such as signs of compromise on a network. One tool that can be used for threat detection is Sigma. Sigma lets us write rules that look for malicious activity, such as the creation of new user accounts or the editing of scheduled tasks.
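To show what a Sigma-style rule actually does, here is an added example (mine, not TryHackMe’s or the Sigma project’s code) that evaluates two rules of the kind described above over a few constructed Windows Security events. The rules are written as Python dicts mirroring Sigma’s YAML layout so the script runs without PyYAML; the event IDs are the standard Windows ones (4720 user created, 4698/4702 scheduled task created/updated), while the usernames and task names are invented.

```python
"""Minimal Sigma-style rule evaluation over constructed Windows Security events."""

# Constructed sample events (not real logs); field names follow the Windows Security log.
SAMPLE_EVENTS = [
    {"EventID": 4624, "SubjectUserName": "mcskidy", "Channel": "Security"},
    {"EventID": 4720, "SubjectUserName": "bandit.yeti", "TargetUserName": "svc_backup", "Channel": "Security"},
    {"EventID": 4702, "SubjectUserName": "bandit.yeti", "TaskName": "\\Microsoft\\Windows\\Updater", "Channel": "Security"},
    {"EventID": 4698, "SubjectUserName": "SYSTEM", "TaskName": "\\Microsoft\\Windows\\Defrag", "Channel": "Security"},
]

# Two rules in Sigma's title/logsource/detection/condition shape, as dicts instead of YAML.
RULES = [
    {
        "title": "New local user account created",
        "logsource": {"product": "windows", "service": "security"},
        "detection": {"selection": {"EventID": 4720},
                      "condition": "selection"},
    },
    {
        "title": "Scheduled task created or updated by a non-SYSTEM account",
        "logsource": {"product": "windows", "service": "security"},
        "detection": {"selection": {"EventID": [4698, 4702]},
                      "filter": {"SubjectUserName": "SYSTEM"},
                      "condition": "selection and not filter"},
    },
]

def selector_matches(selector, event):
    """Every field in a Sigma selection must match; a list value means any-of."""
    for field, wanted in selector.items():
        values = wanted if isinstance(wanted, list) else [wanted]
        if event.get(field) not in values:
            return False
    return True

def rule_matches(rule, event):
    """Supports the two condition shapes used above: 'X' and 'X and not Y'."""
    det = rule["detection"]
    cond = det["condition"].split()
    hit = selector_matches(det[cond[0]], event)
    if len(cond) == 4 and cond[1:3] == ["and", "not"]:
        hit = hit and not selector_matches(det[cond[3]], event)
    return hit

def run_rules(rules, events):
    """Return (rule title, event) pairs for every alert, in event order."""
    return [(r["title"], e) for e in events for r in rules if rule_matches(r, e)]

if __name__ == "__main__":
    for title, event in run_rules(RULES, SAMPLE_EVENTS):
        print(f"[{title}] EventID={event['EventID']} by {event['SubjectUserName']}")
```

Running it alerts on the account creation and the task update by bandit.yeti, while the SYSTEM-owned task creation is filtered out, which is exactly the kind of signal we want Sigma rules to surface when hunting for the root cause.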
Can we use threat detection tools to find the root cause of Santa’s compromise? Find out below!
If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007