A write-up of the Splunk Data Manipulation room. There are a few points in this room where the information might be hard to follow for people unfamiliar to Splunk. After seeing the same question pop-up in the Discord channel for TryHackMe, I decided to create a write-up that answers some common questions. This write-up assumes you are a beginner when it comes to both Linux & Splunk.

A walkthrough of the TryHackMe Breach Challenge, an teaser challenge for the Industrial Intrusion CTF. An interesting look into OT Cybersecurity working with OpenPLC, Node-RED and the Modbus protocol.

A walkthrough of the TryHackMe TShark challenges 1 and 2 in which we're analysing two alerts. We get to investigate an likely phishing attack and a possible malware infection using the TShark tool.

A walkthrough of the TryHackMe Volt Typhoon Lab, analyzing a data lake to retrace the steps of the Volt Typhoon APT "Investigate a suspected intrusion by the notorious APT group Volt Typhoon."

A walkthrough of the TryHackMe Carnage Lab, analyzing a pcap file captured by malware-traffic-analysis and shared with the infosec community.This lab gives us a taste of what a standard Cobalt Strike attack looks like, it is using mostly default Cobalt Strike settings.

In my journey to transition into cybersecurity I will be using this space to document my learning journey. These incident reports are based on labs, CTFs and practice scenarios to build hands-on experience.I aim to apply real-world frameworks and investigative thinking to improve with every post. Every post will be preceded by a write-up of the investigation and lab.

Last week TryHackMe released another new room, this time a DFIR (Digital Forensics and Incident Response room) a topic I have become quite interested in. The room covers a few topics I haven't had much experience with which made it the perfect room to spend an evening on to gain some new knowledge.

Welcome, this first post will be a general introduction of what you can expect in this blog. I'm sure that by the time I have created a few blog posts the plan will have changed. But at the of the writing of this intro, it still holds true.