Intro to ISAC

THM Room https://tryhackme.com/room/introtoisac

TASK 1 : Introduction

Read the above and move on to ‘What are ISACs’.

No Answer

TASK 2 : Basic Terminology

Read the above and familiarize yourself with the various terminology.

No Answer

TASK 3 : What is Threat Intelligence

Read the above and move on to, What are ISACs

No Answer

TASK 4 : What are ISACs

Read the above and move on to What are IOCs?

No Answer

TASK 5 : Using Threat Connect to create a Threat Intel dashboard

Read the Above and create a custom dashboard.

No Answer

TASK 6 : Introduction to AlienVault OTX

Read the above and familiarize yourself with the OTX UI.

No Answer

TASK 7 : Using OTX to gather Threat Intelligence

Read the above and familiarize yourself with the OTX ISAC.

No Answer

TASK 8 : Creating IOCs

Read the above and practice using the Cerber ransomware sample.

No Answer

TASK 9 : Investigation Scenarios

Scenario 1 Your incident response team has quarantined a suspicious bin file. The team thinks it is a ransomware variation. Investigate and create indicators for the file. You can find the shellcode under C:\Users\Jon\Documents\Scenarios\Scenario 1

Scenario 2 You have been assigned to analyze this week’s quarantined files. The file is thought to be an unknown trojan or a new strain of the emotet malware. Investigate and create indicators for the file.

You can find the shellcode under C:\Users\Jon\Documents\Scenarios\Scenario 2

Read the above and complete the investigations

No Answer

What is the name of the file from Scenario 1?

Answer : 29D6161522C7F7F21B35401907C702BDDB05ED47.bin

What is the size of the file from Scenario 1 in bytes?

Answer : 96,535

What is the size on disk of the file from Scenario 1 in bytes?

Answer : 98,304

What is the MD5 hash of the file from Scenario 1?

Answer : 8baa9b809b591a11af423824f4d9726a

What is the name of the file from Scenario 2?

Answer : cryptowall.bin

What is the size of the file from Scenario 2 in bytes?

Answer : 246,272

What is the size on disk of the file from Scenario 2 in bytes?

Answer : 249,856

What is the MD5 hash of the file from Scenario 2?

Answer : 47363b94cee907e2b8926c1be61150c7

Create IOCs for both files using IOCe.

No Answer

Intro to ISAC

TASK 1 : Introduction

Read the above and move on to ‘What are ISACs’.

TASK 2 : Basic Terminology

Read the above and familiarize yourself with the various terminology.

TASK 3 : What is Threat Intelligence

Read the above and move on to, What are ISACs

TASK 4 : What are ISACs

Read the above and move on to What are IOCs?

TASK 5 : Using Threat Connect to create a Threat Intel dashboard

Read the Above and create a custom dashboard.

TASK 6 : Introduction to AlienVault OTX

Read the above and familiarize yourself with the OTX UI.

TASK 7 : Using OTX to gather Threat Intelligence

Read the above and familiarize yourself with the OTX ISAC.

TASK 8 : Creating IOCs

Read the above and practice using the Cerber ransomware sample.

TASK 9 : Investigation Scenarios

Read the above and complete the investigations

What is the name of the file from Scenario 1?

What is the size of the file from Scenario 1 in bytes?

What is the size on disk of the file from Scenario 1 in bytes?

What is the MD5 hash of the file from Scenario 1?

What is the name of the file from Scenario 2?

What is the size of the file from Scenario 2 in bytes?

What is the size on disk of the file from Scenario 2 in bytes?

What is the MD5 hash of the file from Scenario 2?

Create IOCs for both files using IOCe.

Further Reading

Pyramid Of Pain

Jr Security Analyst Intro

Polkit CVE-2021-3560