Tryhackme - Intro to Endpoint Security


In this walkthrough, we will go through the Intro to Endpoint Security room from Tryhackme. In this room, we will learn about the fundamentals of endpoint security monitoring, essential tools, and high-level methodology. It gives an overview of how to identify malicious activity on an endpoint and map its related events. So, let’s get started.


Task 1 – Room Introduction


Task 2 – Endpoint Security Fundamentals

Question 1 – What is the normal parent process of services.exe?

wininit.exe

Question 2 – What is the name of the network utility tool introduced in this task?

TCPview


Task 3 – Endpoint Logging and Monitoring

Question 1 – What is the PowerShell cmdlet for viewing Windows Event Logs?

Get-WinEvent

Question 2 – Provide the command used to enter OSQuery CLI.

osqueryi

Question 3 – What does EDR mean? Provide the answer in lowercase.

Endpoint Detection and Response


Task 4 – Endpoint Log Analysis

Question 1 – Click on the green View Site button in this task to open the Static Site Lab and start investigating the threat by following the provided instructions.

Done

Question 2 – Provide the flag for the simulated investigation activity.

Simulated investigation

beacon.exe

Malicious process

Malicious IP

Room completed

flag.txt

THM{3ndp01nt_s3cur1ty!}


Task 5 – Conclusion



So that was “Intro to Endpoint Security” for you. In this room, we covered the fundamentals of endpoint security and looked into some logging and monitoring solutions and endpoint log analysis. Finally, we tested the theory we learned throughout the room with a series of questions based on a simulated investigation environment. On that note, I will take my leave, but remember to “Keep Defending”.
