https://www.thedutchhacker.com/mitre-on-tryhackme/
Submission: On January 29 via manual from ZM — Scanned from DE
MITRE on Tryhackme

This is the write-up for the room MITRE on Tryhackme, which is part of the Tryhackme Cyber Defense Path. Connect to the Tryhackme lab environment with the VPN or use the AttackBox on the Tryhackme site.

Tasks: MITRE on Tryhackme

Task 1
Read all that is in the task and press complete.

Task 2
Read all that is in the task and press complete.

Task 3
Open Phishing, Technique T1566 – Enterprise | MITRE ATT&CK®.

3.1 Only blue teamers will use the ATT&CK Matrix? (Yay/Nay)
Answer: Nay

3.2 What is the ID for this technique?
We can find this in the top right corner of the page.
Answer: T1566

3.3 Based on this technique, what mitigation covers identifying social engineering techniques?
Answer: User Training

3.4 There are other possible areas for detection for this technique, which occurs after what other technique?
Answer: User Execution

3.5 What group has used spear phishing in their campaigns?
Answer: Dragonfly

3.6 Based on the information for this group, what are their associated groups?
Click on the link Dragonfly: Dragonfly, TG-4192, Crouching Yeti, IRON LIBERTY, Energetic Bear, Group G0035 | MITRE ATT&CK®
Answer: TG-4192, Crouching Yeti, IRON LIBERTY, Energetic Bear

3.7 What tool is attributed to this group to transfer tools or files from one host to another within a compromised environment?
Answer: PSexec

3.8 Based on the information about this tool, what group used a customized version of it?
Click on the link PSexec: PsExec, Software S0029 | MITRE ATT&CK®

3.9 This group has been active since what year?
Click on the link FIN5: FIN5, Group G0053 | MITRE ATT&CK®
Answer: 2008

3.10 Instead of Mimikatz, what OS Credential Dumping tool does this group use?
Answer: Correct Answer

Task 4
4.1 For the above analytic, what is the pseudocode a representation of?
Answer: Splunk Search

4.2 What tactic has an ID of TA0003?
Go to mitre.org and type TA0003 in the search box. Once found, notice the URL: Persistence, Tactic TA0003 – Enterprise | MITRE ATT&CK®
Answer: Persistence

4.3 What is the name of the library that is a collection of Zeek (BRO) scripts?
Head to https://car.mitre.org/ and search for Zeek.
Answer: BZAR

4.4 What is the name of the technique for running executables with the same hash and different names?
Answer: Masquerading

4.5 Examine CAR-2013-05-004, what additional information is provided to analysts to ensure coverage for this technique?
Go to this URL: CAR-2013-05-004: Execution with AT | MITRE Cyber Analytics Repository
Answer: Unit Tests

Task 5 – Shield (this has been replaced by MITRE Engage; the questions are still the same)
Open Shield Home (mitre.org) (deprecated). You now have a machine attached to this task; start the machine attached to this task.

5.1 Which Shield tactic has the most techniques?
Head over to Active Defense Matrix (mitre.org). We can see Detect has the most.
Answer: Detect

5.2 Is the technique 'Decoy Credentials' listed under the tactic from question #1? (Yay/Nay)
Answer: Yay

5.3 Explore DTE0011, what is the ID for the use case where a defender can plant artifacts on a system to make it look like a virtual machine to the adversary?
Go to the techniques page Active Defense Techniques (mitre.org), then click on DTE0011 and notice it is Decoy Content. Scroll further down.
Answer: DUC0234

5.4 Based on the above use case, what is its ATT&CK® Technique mapping?
Navigate to https://shield.mitre.org/attack_mapping/mapping_all.html
Answer: T1497

5.5 Continuing from the previous question, look at the information for this ATT&CK® Technique, what 2 programs are listed that adversaries will check for?
Answer: Sysinternals and Wireshark

Task 6
6.1 How many phases does the APT3 Emulation Plan consist of?
Answer: 3

6.2 Under Persistence, what binary was replaced with cmd.exe?
The answer can be found in the PDF https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf
Answer: sethc.exe

6.3 Examining APT29, what 2 tools were used to execute the first scenario?
The answer can be found in the scenario 1 infrastructure: adversary_emulation_library/Infrastructure.md at master · center-for-threat-informed-defense/adversary_emulation_library · GitHub
Answer: Pupy and Metasploit

6.4 What tool was used to execute the second scenario?
The answer can be found in the scenario 2 infrastructure: adversary_emulation_library/Infrastructure.md at master · center-for-threat-informed-defense/adversary_emulation_library · GitHub
Answer: PoshC2

6.5 Where can you find step-by-step instructions to execute both scenarios?
Answer: ATT&CK Arsenal

Task 7
7.1 What is a group that targets your sector who has been in operation since at least 2013?
Groups | MITRE ATT&CK®
Answer: APT33

7.2 Does this group use Stuxnet? (Yay/Nay)
APT33, HOLMIUM, Elfin, Group G0064 | MITRE ATT&CK®
Answer: Nay

7.3 As your organization is migrating to the cloud, is there anything attributed to this APT group that you should focus on? If so, what is it?
Answer: Cloud Accounts

7.4 What tool is associated with this technique?
Valid Accounts: Cloud Accounts, Sub-technique T1078.004 – Enterprise | MITRE ATT&CK®
Answer: Ruler

7.5 Per the detection tip, what should you be detecting?
Answer: abnormal or malicious behavior

7.6 What platforms does this affect?
Answer: Azure AD, Google Workspace, IaaS, Office 365, SaaS

And this concludes MITRE on Tryhackme.