TryHackMe! SOC Analyst Level 1 Learning Path

After spending a great deal of time studying terminology and concepts, it was time to dig into the tools of the trade and build more in-depth working knowledge of every aspect of the SOC analyst role. Thoughts on each room along the way follow.

Cyber Defense Networks

In this series of rooms the learner is introduced to Cyber Threat Intelligence and the concept of the Pyramid of Pain. From there we look at hash-value lookup with tools like VirusTotal, then at searching for malicious IP addresses with sandboxes like app.any.run. This leads into lessons on domains, including the use of URL shorteners such as TinyURL and of "punycode" (the ASCII encoding of internationalized domain names). Next comes malware, with resources such as MalwareBazaar for researching samples. After that is a room on understanding each phase of the Cyber Kill Chain, followed by the more modern and more detailed Unified Kill Chain. The final two rooms cover the Diamond Model of Intrusion Analysis and MITRE ATT&CK, along with CVE and the other projects under the MITRE umbrella.
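The punycode point is the one most worth seeing in code: an `xn--` label in a hostname looks harmless in a log line until it is decoded. The following Python is an added example written for this write-up, not material from the TryHackMe room; the sample hostnames are constructed, and the two flags (`mixed_script`, `non_latin`) are my own naming for what an analyst checks when triaging a look-alike domain.

```python
import unicodedata

# Constructed sample hostnames (not from the room): one plain ASCII host, one
# that mixes a Cyrillic "a" into "apple", and one written entirely in Cyrillic.
SAMPLE_HOSTS = ["example.com", "xn--pple-43d.com", "xn--80ak6aa92e.com"]


def decode_label(label: str) -> str:
    """Decode a single DNS label: 'xn--' labels carry punycode, others are as-is."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def decode_host(host: str) -> str:
    """Decode every label of a hostname so the Unicode form can be inspected."""
    return ".".join(decode_label(lbl) for lbl in host.split("."))


def letter_scripts(text: str) -> set:
    """Return the set of scripts (LATIN, CYRILLIC, ...) used by the letters in text.

    The script is taken from the first word of the Unicode character name,
    e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'. Digits and punctuation are ignored.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def assess_host(host: str) -> dict:
    """Flag the two things an analyst wants to see at a glance:
    - mixed_script: a single label mixes scripts (the classic homograph trick)
    - non_latin:    the decoded name uses letters outside the Latin script
    """
    decoded = decode_host(host)
    labels = decoded.split(".")
    mixed = any(len(letter_scripts(lbl)) > 1 for lbl in labels)
    scripts = letter_scripts(decoded)
    return {
        "host": host,
        "decoded": decoded,
        "is_idn": decoded != host,
        "scripts": scripts,
        "mixed_script": mixed,
        "non_latin": bool(scripts - {"LATIN"}),
    }


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        r = assess_host(h)
        print(f"{h:24} -> {r['decoded']!r:28} scripts={sorted(r['scripts'])} "
              f"mixed={r['mixed_script']} non_latin={r['non_latin']}")
```

Both flags are needed: a label written entirely in Cyrillic look-alike letters is not mixed-script, so a check that only looks for script mixing inside one label would pass it, while a check that only looks for non-Latin letters would flag every legitimate internationalized domain. Reporting both lets the analyst decide which case they are looking at.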

Cyber Threat Intelligence (OSINT)

These rooms focus on open source intelligence, using the following tools against targets chosen and run in TryHackMe VMs. Tools used include:
  • urlscan.io
  • abuse.ch
  • PhishTool
  • Cisco Talos Intelligence
Next up was a Swiss Army knife tool called YARA, which performs pattern matching on binary and textual patterns. It has its own syntax for the rules you define, but it is a powerful tool in the hands of a skilled user. Next was OpenCTI, a platform for exploring threat data in a very visual way and a much more user-friendly experience. Finally, MISP, the Malware Information Sharing Platform, was introduced as a way to do further research on malware and virus data.
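To make the YARA syntax concrete, here is an added example that is not from the room or from the YARA project: a rule written in YARA's own syntax, plus a small Python evaluator I wrote that handles only the subset the rule uses (plain text strings with an optional `nocase`, one hex string, and an "N of them" condition). Real scanning is done with YARA itself (for example through the `yara-python` bindings), which supports far more; the evaluator here exists only to show what the `strings:` and `condition:` sections mean when run against data. The rule name, the string identifiers and the two sample inputs are all constructed.

```python
import re
from dataclasses import dataclass

# A rule in YARA's own syntax (constructed example, not one of the room's rules).
# It looks for a script that mentions PowerShell and a download helper, or for
# the "MZ" header that starts a Windows executable.
RULE = r'''
rule Suspicious_Downloader
{
    meta:
        description = "Constructed example: script that fetches a payload"
    strings:
        $s1 = "powershell" nocase
        $s2 = "DownloadString"
        $h1 = { 4D 5A 90 00 }
    condition:
        2 of them
}
'''

# Constructed sample inputs: the first trips the rule, the second does not.
SAMPLE_HIT = b"Invoke with PowerShell: (New-Object Net.WebClient).DownloadString('http://example.invalid/notes.txt')"
SAMPLE_MISS = b"Quarterly report: nothing unusual in this text file."


@dataclass
class YaraString:
    ident: str      # the name after '$', e.g. 's1'
    pattern: bytes  # bytes to search for
    nocase: bool    # text strings marked 'nocase' match case-insensitively


# Handles the subset used above: "text" [nocase] and { hex bytes }.
STRING_RE = re.compile(r'\$(\w+)\s*=\s*(?:"([^"]*)"(\s+nocase)?|\{([0-9A-Fa-f\s]+)\})')
COND_RE = re.compile(r'condition:\s*(\d+|any|all)\s+of\s+them', re.I)
NAME_RE = re.compile(r'\brule\s+(\w+)')


def parse_rule(text: str):
    """Return (rule_name, [YaraString...], required_match_count)."""
    name = NAME_RE.search(text).group(1)
    strings_section = text.split("strings:", 1)[1].split("condition:", 1)[0]
    strings = []
    for ident, txt, nocase, hexs in STRING_RE.findall(strings_section):
        if hexs:
            # bytes.fromhex() skips the whitespace between the hex pairs
            strings.append(YaraString(ident, bytes.fromhex(hexs), False))
        else:
            strings.append(YaraString(ident, txt.encode(), bool(nocase)))
    quant = COND_RE.search(text).group(1).lower()
    if quant == "any":
        required = 1
    elif quant == "all":
        required = len(strings)
    else:
        required = int(quant)
    return name, strings, required


def scan(data: bytes, rule_text: str = RULE) -> dict:
    """Evaluate the rule against data, returning which strings matched and the verdict."""
    name, strings, required = parse_rule(rule_text)
    matched = []
    for s in strings:
        haystack = data.lower() if s.nocase else data
        needle = s.pattern.lower() if s.nocase else s.pattern
        if needle in haystack:
            matched.append("$" + s.ident)
    return {"rule": name, "matched": matched, "hit": len(matched) >= required}


if __name__ == "__main__":
    for sample in (SAMPLE_HIT, SAMPLE_MISS, b"MZ\x90\x00 ... powershell ..."):
        print(scan(sample))
```

The point to take from the rule is the split between what to look for (the `strings:` section, where text, hex and regex patterns each get a `$name`) and when to alert (the `condition:` section, which combines them). The third sample in the usage loop shows why the condition matters: it contains the MZ header and the word "powershell" but no `DownloadString`, and still fires because any two strings satisfy `2 of them`.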