URL: https://www.pyaeheinnkyaw.tech/tryhackme-mitre-room-writeup/
TRYHACKME | MITRE ROOM WALKTHROUGH 2022

 * by Pyae Heinn Kyaw
 * August 19, 2022August 19, 2022

You can find the room here.


TASK 1: INTRODUCTION TO MITRE

No answer needed


TASK 2: BASIC TERMINOLOGY

No answer needed


TASK 3: ATT&CK FRAMEWORK

Question 1: Besides blue teamers, who else will use the ATT&CK Matrix?

> Answer: Red Teamers

Question 2: What is the ID for this technique?

> Answer: T1566

Question 3: Based on this technique, what mitigation covers identifying social
engineering techniques?

> Answer: User Training

Question 4: What are the data sources for Detection? (format:
source1,source2,source3 with no spaces after commas)

> Answer: Application Log,File,Network Traffic

Question 5: What groups have used spear-phishing in their campaigns? (format:
group1,group2)

> Answer: Axiom,GOLD SOUTHFIELD

Question 6: Based on the information for the first group, what are their
associated groups?

> Answer: Group 72

Question 7: What software is associated with this group that lists phishing as a
technique?

> Answer: Hikit

Question 8: What is the description for this software?

> Answer: Hikit is malware that has been used by Axiom for late-stage
> persistence and exfiltration after the initial compromise.

Question 9: This group overlaps (slightly) with which other group?

> Answer: Winnti Group

Question 10: How many techniques are attributed to this group?

> Answer: 15


TASK 4: CAR KNOWLEDGE BASE

Question 1: For the above analytic, what is the pseudocode a representation of?

> Answer: Splunk Search

Question 2: What tactic has an ID of TA0003?

> Answer: Persistence

Question 3: What is the name of the library that is a collection of Zeek (BRO)
scripts?

> Answer: BZAR

Question 4: What is the name of the technique for running executables with the
same hash and different names?

> Answer: Masquerading

Question 5: Examine CAR-2013-05-004, besides Implementations, what additional
information is provided to analysts to ensure coverage for this technique?

> Answer: Unit Tests


TASK 5: MITRE ENGAGE

Question 1: Under Prepare, what is ID SAC0002?

> Answer: Persona Creation

Question 2: What is the name of the resource to aid you with the engagement
activity from the previous question?

> Answer: PERSONA PROFILE WORKSHEET

Question 3: Which engagement activity baits a specific response from the
adversary?

> Answer: Lures

Question 4: What is the definition of Threat Model?

> Answer: A risk assessment that models organizational strengths and weaknesses


TASK 6: MITRE D3FEND

Question 1: What is the first MITRE ATT&CK technique listed in the ATT&CK
Lookup dropdown?

> Answer: Data Obfuscation

Question 2: In D3FEND Inferred Relationships, what does the ATT&CK technique
from the previous question produce?

> Answer: Outbound Internet Network Traffic


TASK 7: ATT&CK EMULATION PLANS

Question 1: In Phase 1 for the APT3 Emulation Plan, what is listed first?

> Answer: C2 Setup

Question 2: Under Persistence, what binary was replaced with cmd.exe?

> Answer: sethc.exe

Question 3: Examining APT29, what C2 frameworks are listed in Scenario 1
Infrastructure? (format: tool1,tool2)

> Answer: Pupy,Metasploit Framework

Question 4: What C2 framework is listed in Scenario 2 Infrastructure?

> Answer: PoshC2

Question 5: Examine the emulation plan for Sandworm. What webshell is used for
Scenario 1? Check MITRE ATT&CK for the Software ID for the webshell. What is the
id? (format: webshell,id)

> Answer: P.A.S.,S0598


TASK 8: ATT&CK AND THREAT INTELLIGENCE

Question 1: What is a group that targets your sector who has been in operation
since at least 2013?

> Answer: APT33

Question 2: As your organization is migrating to the cloud, is there anything
attributed to this APT group that you should focus on? If so, what is it?

> Answer: Cloud Accounts

Question 3: What tool is associated with the technique from the previous
question?

> Answer: Ruler

Question 4: Per the detection tip, what should you be detecting? (format:
phrase1 or phrase2)

> Answer: abnormal or malicious behavior

Question 5: What platforms does the technique from question #2 affect?

> Answer: Azure AD, Google Workspace, IaaS, Office 365, SaaS


TASK 9: CONCLUSION

No answer needed

Featured Photo – YouTube (Sezcurity)
