My CyberSecurity Journey: TryHackMe — L1 — WK-3

TheTeaMan
5 min read · Feb 17, 2024


Bismillahi…!!!

The start of the week saw me launch myself onto this much-touted cybersecurity platform, TryHackMe.
When and where did I hear about this platform? I got to hear about it in an X Space held by these cyber gurus: @RedHatPentester, @_Rega_n, @Sec_fortress et al. The space was basically organized for beginner pentesters like myself.

After going through the registration process, I was welcomed handsomely. I didn’t rush to start with the Jr Penetration Tester path, although it is where my interest lies. I instead began with the Pre Security path, so I could get a feel for being a beginner.

PRE SECURITY
I was introduced to the topics to be learnt at this pre-stage, topics such as:
i. Intro to Offensive Security
ii. Intro to Defensive Security
iii. Careers in Cyber

WHAT IS OFFENSIVE SECURITY
Offensive Security is the act of breaking (not with a hammer🥴) into computer systems, exploiting software bugs, and finding loopholes in applications to gain unauthorized access to them. Catchword: to beat a hacker, you need to think like a hacker (but please… don’t wear a black hoody and a scary face mask; rather a white hoody and a beautiful smile)😊

Besides offensive security, there is also DEFENSIVE SECURITY. WHAT IS DEFENSIVE SECURITY?
This is the act of protecting an organization’s network and computer systems by analyzing and securing against potential digital threats, and investigating infected computers or devices to understand how they were hacked.

This activity was really fun, because I got to have a feel of how the bad guys steal from the ordinary person.

Huh!!!😲 I just hacked a bank. I’m yet to see the money in my real account.😪 THM, when are you crediting my account with $2000?🙄

WHAT CAREERS ARE THERE?
I got to understand that the Careers in Cyber room goes deeper into the various careers in cyber. Offensive security, for instance, has roles such as Penetration Tester, Red Teamer and Security Engineer.

Peeping into the Defensive Security room, I got to glean what they do, as it is somewhat the opposite of offensive security. I learnt the defensive side is more concerned with two tasks:
1. Preventing intruders
2. Detecting intruders when they find their way in, and responding accordingly
Blue teamers, I just realized you’re also part of the defensive side of the security landscape. But don’t forget the strikers (offensive side) would always find loopholes (vulnerabilities) and strike a goal.😁😂

Apart from the two main tasks the defensive side performs, they also take on the following:
* Creating user awareness of cyber security
* Documenting and managing assets
* Updating and patching systems
* Setting up preventive security devices
* Setting up logging and monitoring devices

The roles in this defensive room are: Security Operations Center (SOC), Threat Intelligence, Digital Forensics and Incident Response (DFIR) and Malware Analysis.

No wonder you’re packed in there like sardines. So far as there is a striker, a goal would definitely be scored.😜

At least let’s delve into understanding what these roles are:

Security Operations Center (SOC):
A SOC is a team of cyber security professionals that monitors the network and its systems to detect malicious cyber security events. In this team we have the following:

* Threat Intelligence: This branch of the SOC team aims to gather information to help the company better prepare against potential adversaries. The purpose is to achieve a threat-informed defense.

* Digital Forensics: They focus on analyzing evidence of an attack and unearthing the bad guys behind the attack, intellectual property theft, cyber espionage and possession of unauthorized content. As a result, digital forensics focuses on these areas: the file system, system memory, system logs and network logs.

* Incident Response: This specifies the methodology that should be followed to handle a cyber attack or data breach; in some cases, the incident can be something less critical, such as a misconfiguration, an intrusion attempt, or a policy violation.

Nonetheless, in case of a cyber attack, how would the incident response team handle it? Ideally, an incident response plan is developed in advance. The major phases of the incident response process are:
~ Preparation: the team gauges its readiness to handle incidents, and various measures are put in place to prevent incidents from happening in the first place.
~ Detection and Analysis: the team deploys the necessary resources to detect any incident, then goes further to analyze the detected incidents to learn their severity.
~ Containment, Eradication and Recovery: after an incident is detected, it becomes crucial to stop it, eliminate it and recover the affected systems.
~ Post-Incident Activity: after successful recovery, a report is produced and the lessons learned are shared to prevent similar incidents in future.

(Image: Security Operations Center (SOC))
(Image: Phases of the Incident Response Process)

MALWARE ANALYSIS
Malware refers to malicious software or programs. Malware includes the following: viruses, trojan horses and ransomware.
Malware analysis aims to learn about such malicious programs using various means:
1. Static analysis works by inspecting the malicious program without running it.
2. Dynamic analysis works by running the malware in a controlled environment and monitoring its activities.
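As an added example (my own code, not from TryHackMe or the original post), here is a small Python static-analysis triage over a constructed byte string standing in for a suspicious file: it hashes the file, pulls printable strings out of it, and flags URLs, IP:port pairs and Windows API names often seen in process injection, all without ever running the sample. The sample bytes and the indicator list are assumptions made up for illustration.

```python
import hashlib
import re

# Constructed stand-in for a suspicious file: a fake Windows binary with
# a few embedded strings. It is not real malware and is never executed.
SAMPLE_BYTES = (
    b"MZ\x90\x00\x03\x00\x00\x00"                 # "MZ" magic, like a PE header
    + b"\x00" * 16
    + b"http://example.invalid/update.bin\x00"    # a hard-coded download URL
    + b"CreateRemoteThread\x00VirtualAllocEx\x00"  # imported API names
    + b"\x01\x02\x03" + b"10.0.0.5:4444\x00"      # a hard-coded IP:port
    + b"\xff" * 8
)

# API names an analyst would note during triage (assumed list for this example).
SUSPICIOUS_APIS = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory"}


def file_hashes(data: bytes) -> dict:
    """Hashes let a SOC look the sample up in threat-intel feeds."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII at least min_len long, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def static_triage(data: bytes) -> dict:
    """Inspect the bytes without running them and decide whether to escalate."""
    strings = extract_strings(data)
    report = {
        "size": len(data),
        "is_pe": data[:2] == b"MZ",
        "hashes": file_hashes(data),
        "urls": [s for s in strings if re.search(r"https?://\S+", s)],
        "ip_ports": re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?\b", " ".join(strings)),
        "suspicious_apis": sorted(s for s in strings if s in SUSPICIOUS_APIS),
    }
    # Anything with injection APIs or a hard-coded URL goes to the SOC lead.
    report["verdict"] = "escalate" if (report["suspicious_apis"] or report["urls"]) else "benign-looking"
    return report


if __name__ == "__main__":
    for key, value in static_triage(SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```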

After learning the above, I had to put it into practice, in “A Day in the Life of a Junior Security Analyst”. I didn’t hesitate to escalate the event to Will Griffin, the SOC Team Lead.

I then darted off to complete the careers quiz, where THM detected I would be a very good Security Analyst. May it come to pass… Aameen.🤲🙂🤲

🤲🤲

Thanks for reading this far… We keep on keeping on… InshAllah.

Wallahu ‘aelam…!!!


TheTeaMan

I am Aslam. I am a Learner, Lover and a Servant. I love tea. I learn Cybersecurity to fish out and defend against the BAD GUYS. I journal my lessons HERE!