In this walkthrough, we will be going through the Threat Intelligence Tools room from TryHackMe. In this room, we will explore different OSINT tools used to conduct security threat assessments and investigations. So, let’s get started without any delay.
Table of Contents
Task 1 – Room Outline
Task 2 – Threat Intelligence
Question 1 – I’ve read on Threat Intel and the classifications
Task 3 – UrlScan.io
Question 1 – What is TryHackMe’s Cisco Umbrella Rank?
Question 2 – How many domains did UrlScan.io identify?
Question 3 – What is the main domain registrar listed?
Question 4 – What is the main IP address identified?
Task 4 – Abuse.ch
Question 1 – The IOC 126.96.36.199:5555 is linked to which malware alias on ThreatFox?
Question 2 – Which malware is associated with the JA3 Fingerprint 51c64c77e60f3980eea90869b68c58a8 on SSL Blacklist?
Question 3 – From the statistics page on URLHaus, what malware-hosting network has the ASN number AS14061?
Task 5 – PhishTool
Question 1 – What organisation is the attacker trying to pose as in the email?
Question 2 – What is the sender’s email address?
Question 3 – What is the recipient’s email address?
Question 4 – What is the Originating IP address? Defang the IP address.
Question 5 – How many hops did the email go through to get to the recipient?
Task 6 – Cisco Talos Intelligence
Question 1 – What is the listed domain of the IP address from the previous task?
Question 2 – What is the customer name of the IP address?
Task 7 – Scenario 1
Question 1 – According to Email2.eml, what is the recipient’s email address?
Question 2 – From Talos Intelligence, the attached file can also be identified by the Detection Alias that starts with an H…
Task 8 – Scenario 2
Question 1 – What is the name of the attachment on Email3.eml?
Question 2 – What malware family is associated with the attachment on Email3.eml?
Task 9 – Conclusion
So that was “Threat Intelligence Tools” for you. We have covered the basics of threat intelligence and its classifications. Further, we used UrlScan.io to scan for malicious URLs and Abuse.ch to track malware and botnet indicators. At last, we investigated phishing emails using PhishTool and Cisco’s Talos Intelligence platform for intel gathering. On that note, I will take your leave and will see you in the next one. Till then, “Hack the Planet”.