In this walkthrough, we will be going through the Intro to Endpoint Security room from TryHackMe. In this room, we will learn about the fundamentals of endpoint security monitoring, the essential tools, and the high-level methodology. It gives an overview of how to identify malicious activity on an endpoint and map its related events. So, let’s get started.
Task 1 – Room Introduction
Task 2 – Endpoint Security Fundamentals
Question 1 – What is the normal parent process of services.exe?
wininit.exe
Question 2 – What is the name of the network utility tool introduced in this task?
TCPview
Task 3 – Endpoint Logging and Monitoring
Question 1 – What is the PowerShell cmdlet for viewing Windows Event Logs?
Get-WinEvent
Question 2 – Provide the command used to enter OSQuery CLI.
osqueryi
Question 3 – What does EDR mean? Provide the answer in lowercase.
Endpoint Detection and Response
Task 4 – Endpoint Log Analysis
Question 1 – Click on the green View Site button in this task to open the Static Site Lab and start investigating the threat by following the provided instructions.
Done
Question 2 – Provide the flag for the simulated investigation activity.
THM{3ndp01nt_s3cur1ty!}
Task 5 – Conclusion
So that was “Intro to Endpoint Security” for you. In this room we covered the fundamentals of endpoint security, looked into some logging and monitoring solutions, and worked through endpoint log analysis. Finally, we tested the theory learned throughout the room with a series of questions based on a simulated investigation environment. On that note, I will take my leave, but remember to “Keep Defending”.