Attacktive Directory
What tool will allow us to enumerate port 139/445? Answer: enum4linux What is the NetBIOS-Domain Name of the machine? Answer: THM-ADContext: If you use the following nmap command nmap -A
Category: THM
Splunk2
100 Series questions Amber Turing was hoping for Frothly to be acquired by a potential competitor which fell through, but visited their website to find contact information for their executive
Splunk 101
Splunk Apps What is the ‘Folder name’ for the add-on? Answer: TA-microsoft-sysmonContext: Follow the steps of this section of the room to install the app. After installing the app you
THM – Osquery
Osquery is an open-source tool created by Facebook. With Osquery, Security Analysts, Incident Responders, Threat Hunters, etc., can query an endpoint (or multiple endpoints) using SQL syntax. Osquery can be
THM – Sysmon
Sysmon is an add-on tool for Microsoft windows for logging. With Sysmon you will be able to see detect malicious activity by tracking code and network traffic. Below you will
THM – Windows Event Logs
Per Wikipedia “Event logs record events taking place in the execution of a system to provide an audit trail that can be used to understand the activity of the system and