In this video walkthrough, we covered part 2 of using Splunk in a security operations center. We investigated web application attacks and answered the 200-series questions in TryHackMe. This was part of Boss of the SOC v2.
Room Questions and Answers
What is the public IPv4 address of the server running www.brewertalk.com?
Provide the IP address of the system used to run a web vulnerability scan against www.brewertalk.com.
The IP address from Q#2 is also being used by a likely different piece of software to attack a URI path. What is the URI path? Answer guidance: Include the leading forward slash in your answer. Do not include the query string or other parts of the URI. Answer example: /phpinfo.php
What SQL function is being abused on the URI path from the previous question?
What was the value of the cookie that Kevin’s browser transmitted to the malicious URL as part of an XSS attack? Answer guidance: All digits. Not the cookie name or symbols like an equal sign.
What brewertalk.com username was maliciously created by a spear phishing attack?