Second day on the #FromZeroToHacker challenge after a successful first day!
Today I finished the introduction to Cyber Security, but I learnt loads of interesting things.
Table of contents
- Introduction
- What have I learnt today?
- Stats
- Resources
Introduction
Today I finished the “Introduction to Cybersecurity” path from TryHackMe. I have learnt a bit about Digital Forensics and how a Security Operations Center, or SOC, works.
What have I learnt today?
Today I have read mainly about two topics: Digital Forensics, and the SOC and how it works.
Digital Forensics
Forensics is the application of science to investigate crimes and establish facts. Devices that may be the target of an investigation include USB drives, laptops, tablets, digital cameras, music players, phones, etc.
As a forensics investigator, the plan normally goes as follows:
- Acquire the evidence: Digital devices.
- Establish a chain of custody by filling out the related form appropriately.
- Place the evidence in a secure container.
- Transport the evidence to your digital forensics lab.
At the lab, the process goes as follows:
- Retrieve the digital evidence from the secure container.
- Create a forensic copy of the evidence.
- Return the digital evidence to the secure container.
- Start processing the copy on your forensics workstation.
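The lab steps above hinge on one thing: being able to prove later that the copy you analysed is bit-for-bit identical to the original. The usual way is to hash the original before imaging, hash the copy afterwards, and record both hashes in the chain-of-custody log. The script below is an added example written for this post, not code from TryHackMe or the room; the "device" is a constructed in-memory byte string standing in for a disk image, and the evidence id, handler name and record format are assumptions.

```python
"""Added example (not from the TryHackMe room): acquire an evidence image,
make a forensic copy, verify it by hash and log each custody step.

The evidence is a constructed byte string standing in for a disk image; the
evidence id, handler and the custody record layout are assumptions.
"""
import hashlib
import io
import json
from datetime import datetime, timezone

# Constructed sample "evidence": a tiny fake disk image with a boot-sector-like
# prefix, a volume label and some filler bytes. Not a real USB stick.
SAMPLE_EVIDENCE = (b"\xEB\x3C\x90MSDOS5.0"
                   + b"EVIDENCE-USB-01".ljust(64, b"\x00")
                   + bytes(range(256)) * 4)


def sha256_stream(stream, chunk_size=4096):
    """Hash a file-like object in chunks, as you would for a multi-GB image."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def forensic_copy(source, destination, chunk_size=4096):
    """Copy source to destination byte for byte; return (source_hash, copy_hash).

    The original is only ever read. Everything after this step is done on the
    copy, which is why the two hashes must match before the original goes back
    into its container.
    """
    h_src = hashlib.sha256()
    for chunk in iter(lambda: source.read(chunk_size), b""):
        h_src.update(chunk)
        destination.write(chunk)
    destination.seek(0)
    return h_src.hexdigest(), sha256_stream(destination)


def custody_record(evidence_id, handler, action, digest):
    """One chain-of-custody entry: who did what to which item, when, and the
    hash that lets anyone re-verify the item has not changed since."""
    return {
        "evidence_id": evidence_id,
        "handler": handler,
        "action": action,
        "sha256": digest,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
    }


def verify_image(image_bytes, expected_sha256):
    """Re-verify a copy later (e.g. before analysis or in court)."""
    return hashlib.sha256(image_bytes).hexdigest() == expected_sha256


def acquire(evidence_bytes, evidence_id="USB-01", handler="investigator"):
    """Run the lab steps: retrieve, image, verify, return, and log each one."""
    original = io.BytesIO(evidence_bytes)   # stands in for the read-only device
    image = io.BytesIO()                    # stands in for the image file
    src_hash, copy_hash = forensic_copy(original, image)
    verified = src_hash == copy_hash
    log = [
        custody_record(evidence_id, handler, "retrieved from secure container", src_hash),
        custody_record(evidence_id, handler,
                       "forensic copy created and verified" if verified else "COPY MISMATCH",
                       copy_hash),
        custody_record(evidence_id, handler, "returned to secure container", src_hash),
    ]
    return {"verified": verified, "sha256": src_hash,
            "image": image.getvalue(), "custody_log": log}


if __name__ == "__main__":
    result = acquire(SAMPLE_EVIDENCE)
    print("copy verified:", result["verified"])
    print(json.dumps(result["custody_log"], indent=2))
```

Hashing in chunks matters in practice because real images are far larger than memory; the same `sha256_stream` helper works unchanged on an open file object.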
But what information can we retrieve from a device?
Each file is an open book for us, not only because of the data it contains, but also because of its metadata.
Metadata is data about the data. Ok… let me explain.
Let’s say you take a picture or write a text in your word processor. That’s data.
Metadata is, for example, who wrote that text, when, and what software they used to write it; or when a photo was taken, and where.
Let’s see an example.
Using the pdfinfo Linux tool, we can read the metadata of a PDF file:
We know who wrote it, when, the software used to write it, etc. Pretty neat, right?
EXIF (Exchangeable Image File Format) is a standard for storing metadata within image files. Using exiftool in the same fashion shows us the metadata of an image:
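To make concrete what pdfinfo and exiftool are actually reading, here is an added example (my own code, not from TryHackMe or either tool) that pulls the same fields out of the raw bytes: the `/Info` dictionary of a PDF, and the IFD0 entries of the EXIF block embedded in a JPEG. Both input files are constructed inline so the example runs offline; the PDF parser is deliberately simplified (literal strings only, no object streams or XMP), and the JPEG is a hand-built little-endian sample, not a real camera file.

```python
"""Added example: read the metadata that pdfinfo / exiftool display, straight
from the file bytes. Both sample files below are constructed for this post."""
import re
import struct

# Constructed minimal PDF with an /Info dictionary (not a real document).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 3 0 R >> endobj
2 0 obj << /Title (Quarterly report) /Author (Jane Doe) /Creator (Writer)
/Producer (LibreOffice 7.3) /CreationDate (D:20230115104500+01'00') >> endobj
trailer << /Root 1 0 R /Info 2 0 R >>
%%EOF"""


def read_pdf_info(pdf):
    """Find the /Info object named in the trailer and return its literal-string
    entries (the rows pdfinfo prints). Simplified: no hex strings, no XMP."""
    ref = re.search(rb"/Info\s+(\d+)\s+(\d+)\s+R", pdf)
    if not ref:
        return {}
    num, gen = ref.group(1), ref.group(2)
    obj = re.search(rb"(?s)(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj\s*<<(.*?)>>", pdf)
    if not obj:
        return {}
    return {k.decode(): v.decode("latin-1")
            for k, v in re.findall(rb"/(\w+)\s*\(([^)]*)\)", obj.group(1))}


# IFD0 tag numbers from the TIFF/EXIF specification, as exiftool labels them.
TIFF_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0112: "Orientation",
             0x0131: "Software", 0x0132: "DateTime"}
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}  # BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED


def build_sample_jpeg():
    """Construct a JPEG whose APP1 segment holds a little-endian TIFF/EXIF
    block with four ASCII tags stored at offsets and one inline SHORT tag."""
    ascii_tags = [(0x010F, b"Canon\0"), (0x0110, b"EOS 5D\0"),
                  (0x0131, b"GIMP 2.10\0"), (0x0132, b"2023:01:15 10:45:00\0")]
    n = len(ascii_tags) + 1
    ifd_offset = 8                               # IFD0 directly after the TIFF header
    data_offset = ifd_offset + 2 + 12 * n + 4    # string data after the IFD
    entries, data = b"", b""
    for tag, value in ascii_tags:
        entries += struct.pack("<HHII", tag, 2, len(value), data_offset + len(data))
        data += value
    entries += struct.pack("<HHIHH", 0x0112, 3, 1, 1, 0)  # Orientation=1, value inline
    tiff = (b"II*\0" + struct.pack("<I", ifd_offset) + struct.pack("<H", n)
            + entries + struct.pack("<I", 0) + data)
    app1 = b"Exif\0\0" + tiff
    return b"\xFF\xD8\xFF\xE1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xFF\xD9"


def parse_tiff(tiff):
    """Parse IFD0 of a TIFF structure and return {tag name: value}."""
    endian = {b"II": "<", b"MM": ">"}[tiff[:2]]
    magic, ifd_offset = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF header")
    count = struct.unpack(endian + "H", tiff[ifd_offset:ifd_offset + 2])[0]
    result = {}
    for i in range(count):
        entry = tiff[ifd_offset + 2 + 12 * i: ifd_offset + 14 + 12 * i]
        tag, typ, n = struct.unpack(endian + "HHI", entry[:8])
        size = TYPE_SIZES.get(typ, 1) * n
        if size <= 4:                      # small values are stored inline
            raw = entry[8:8 + size]
        else:                              # larger ones live at an offset
            off = struct.unpack(endian + "I", entry[8:12])[0]
            raw = tiff[off:off + size]
        if typ == 2:
            value = raw.rstrip(b"\0").decode("ascii", "replace")
        elif typ in (3, 4):
            fmt = endian + ("H" if typ == 3 else "I") * n
            value = struct.unpack(fmt, raw)
            value = value[0] if n == 1 else value
        else:
            value = raw
        result[TIFF_TAGS.get(tag, f"Tag0x{tag:04X}")] = value
    return result


def read_exif(jpeg):
    """Walk the JPEG marker segments to APP1/Exif and parse the TIFF inside."""
    if jpeg[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):         # end of image / start of scan: no more headers
            break
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        segment = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and segment[:6] == b"Exif\0\0":
            return parse_tiff(segment[6:])
        pos += 2 + length
    return {}


if __name__ == "__main__":
    print(read_pdf_info(SAMPLE_PDF))
    print(read_exif(build_sample_jpeg()))
```

The point the parser makes is that none of this metadata is hidden or encrypted: author, software and timestamps sit in plain fields that any reader of the file can pull out, which is exactly why an investigator wants them and why anyone sharing files should know they are there.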
Elements of security operations
A Security Operations Center, or SOC, is a team of IT security professionals that monitors a company’s network and systems 24/7. They:
- Find vulnerabilities on the network.
- Detect unauthorized activity.
- Discover policy violations.
- Detect intrusions.
- Support with the incident response.
Data Sources
The SOC uses many data sources to monitor the network and systems, such as:
- Server logs
- DNS activity
- Firewall logs
- DHCP logs (Dynamic Host Configuration Protocol)
SOC Services
SOC services include reactive and proactive services in addition to other services.
Reactive services are the tasks initiated after detecting an intrusion or a malicious event, such as:
- Monitor security posture
- Vulnerability management
- Malware analysis
- Intrusion detection
- Reporting
Proactive services refer to the tasks handled without any indication of an intrusion, such as:
- Network security monitoring (NSM)
- Threat hunting
- Threat intelligence
A firewall is a device that inspects network packets entering and leaving a network or a system. It inspects:
- Source and destination IP addresses
- Source and destination port numbers
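Firewall logs are one of the data sources listed above, and the fields a firewall inspects (source and destination IP addresses and ports) are exactly what a SOC analyst turns into detections. The script below is an added example written for this post, not TryHackMe material: it parses a constructed key=value firewall log (an assumed generic format, not a specific vendor's) and runs two simple checks over it, one that flags a source whose denied connections touch many distinct destination ports, and one that flags allowed traffic to a destination/port pair outside an assumed service allowlist, i.e. a policy violation.

```python
"""Added example: detection logic over firewall log lines. The log format,
the sample lines and the service allowlist are all constructed for this post."""
import re
from collections import defaultdict

# Constructed sample log in a generic key=value style (assumption, not a real
# vendor format). 198.51.100.7 is denied on ten different ports; 10.0.0.9 is
# allowed to reach RDP on a host where the policy below does not expect it.
SAMPLE_FIREWALL_LOG = """\
2023-01-15T10:45:01Z action=ALLOW src=10.0.0.5 dst=192.168.1.10 spt=51234 dpt=443 proto=TCP
2023-01-15T10:45:02Z action=DENY src=10.0.0.5 dst=192.168.1.10 spt=51235 dpt=23 proto=TCP
2023-01-15T10:45:02Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40001 dpt=21 proto=TCP
2023-01-15T10:45:02Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40002 dpt=22 proto=TCP
2023-01-15T10:45:02Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40003 dpt=23 proto=TCP
2023-01-15T10:45:03Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40004 dpt=25 proto=TCP
2023-01-15T10:45:03Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40005 dpt=80 proto=TCP
2023-01-15T10:45:03Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40006 dpt=110 proto=TCP
2023-01-15T10:45:03Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40007 dpt=135 proto=TCP
2023-01-15T10:45:04Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40008 dpt=139 proto=TCP
2023-01-15T10:45:04Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40009 dpt=445 proto=TCP
2023-01-15T10:45:04Z action=DENY src=198.51.100.7 dst=192.168.1.10 spt=40010 dpt=3389 proto=TCP
2023-01-15T10:45:05Z action=ALLOW src=10.0.0.9 dst=192.168.1.20 spt=53000 dpt=3389 proto=TCP
2023-01-15T10:45:06Z action=ALLOW src=10.0.0.12 dst=192.168.1.53 spt=53123 dpt=53 proto=UDP
"""

# Assumed policy: the only services that should be reachable. Anything else
# that the firewall ALLOWs is a rule/policy mismatch worth a ticket.
ALLOWED_SERVICES = {("192.168.1.10", 443), ("192.168.1.53", 53)}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict; ports become ints."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m.group("ts")}
    for key, value in re.findall(r"(\w+)=(\S+)", m.group("kv")):
        event[key] = int(value) if key in ("spt", "dpt") else value
    return event


def parse_log(text):
    """Parse every non-empty line, skipping anything malformed."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def detect(events, scan_threshold=8):
    """Two detections over the parsed events:
    - port_scan_suspected: one source denied on >= scan_threshold distinct ports
    - policy_violation: an ALLOW to a (dst, dpt) pair not in ALLOWED_SERVICES
    """
    denied_ports = defaultdict(set)
    findings = []
    for e in events:
        if e.get("action") == "DENY":
            denied_ports[e["src"]].add(e["dpt"])
        elif e.get("action") == "ALLOW" and (e["dst"], e["dpt"]) not in ALLOWED_SERVICES:
            findings.append({"type": "policy_violation", "ts": e["ts"], "src": e["src"],
                             "dst": e["dst"], "dpt": e["dpt"]})
    for src, ports in denied_ports.items():
        if len(ports) >= scan_threshold:
            findings.append({"type": "port_scan_suspected", "src": src,
                             "distinct_ports": len(ports), "ports": sorted(ports)})
    return findings


if __name__ == "__main__":
    for finding in detect(parse_log(SAMPLE_FIREWALL_LOG)):
        print(finding)
```

The threshold and the allowlist are the tunable parts: a real SOC would derive the expected-service table from an asset inventory and pick the distinct-port threshold from what normal clients on that network actually do, then feed the findings into the reporting and incident-response services listed above.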
Stats
Yesterday I ended up 619.584th in the ranking, but after today’s lesson, I climbed to 557.430th. Not bad!
Here is also the Skill Matrix:
Resources
All resources are from TryHackMe:
Path: Introduction to CyberSecurity
Introduction to Defensive Cybersecurity:
TryHackMe: Intro to Digital Forensics
TryHackMe: Security Operations