Nuexus - Week 1
Cybersecurity
Week Task 1
Sultan Sallahudin
Table of Contents
Introduction to HTB Academy ........ 3
Learning Process ........ 4
The Principle of Abstraction ........ 4
Connecting to the Academy VPN ........ 4
Windows Fundamentals ........ 5
Linux Fundamentals ........ 6
Setting Up ........ 7
Bash Scripting ........ 9
Variables ........ 9
Conditionals ........ 9
Introduction to Offensive Security ........ 12
Introduction to Defensive Security ........ 14
Digital Forensics and Incident Response (DFIR) Components ........ 15
Threat Hunting Introduction ........ 16
Introduction to SIEM ........ 17
Introduction to HTB Academy
In this module, I examined the structure of the academy, focusing on how the course modules are organized, their
individual sections, and the learning paths they offer. The academy is laid out to provide a clear, organized learning
experience. At the end of each module, there are exercises designed to assess your understanding.
Additionally, there are opportunities to practice concepts learned in previous sections.
The course modules are divided into specific topics, each followed by interactive exercises to reinforce what you've
just learned. The learning path is structured to help you gradually build your knowledge.
The Academy offers practical examples and hands-on activities, allowing you to apply what you've learned in real-life
scenarios. This method strengthens your understanding and enhances your skills. The exercises are designed to
challenge you and make learning more interactive.
In summary, the Academy's layout and module design ensure you receive a comprehensive and practical
education, equipping you for the real-world application of your new skills and knowledge.
Learning Process
Way of Thinking in Information Security
The field of information security is vast, making it impossible to master everything within it. For example, becoming
proficient in more than 200 programming languages would take an enormous amount of time, and focusing solely on
learning languages without applying them practically isn't efficient. Instead, mastering one language can simplify the
process of learning others.
It's essential to quickly grasp these principles, adapt your knowledge to different contexts, and identify and address any gaps
in understanding.
Windows Fundamentals
In this module, I gained insights into the fundamentals of Windows operating systems and their
security features.
Windows Versions:
We explored the evolution of Windows, starting with Windows 1.0 in 1985, and progressing to the latest
version, Windows 11. Notable milestones include the introduction of the Start Menu in Windows 95, enhanced
performance in Windows 7, and the redesigned interface in Windows 11.
Authentication and Access Control: We learned about user accounts, password policies, and multi-factor
authentication (MFA) for enhanced security. User Account Control (UAC) was discussed as a tool to prevent
unauthorized changes.
Built-in Security Tools: We delved into Windows Defender Antivirus, Firewall, and SmartScreen, which are
designed to protect against malware and other threats.
System Hardening: Topics included patch management, Secure Boot, BitLocker encryption, and Device Guard,
all of which contribute to strengthening system security.
Network Security: We discussed features like network isolation and VPNs to secure communications within the
network.
Application Security: We examined tools such as AppLocker and Windows Defender Application Guard, which
help manage and isolate applications.
Data Protection: The module focused on Windows Information Protection (WIP) and file encryption as
methods to safeguard sensitive data.
Security Monitoring: We learned how to use Event Viewer and the Windows Defender Security Center to
monitor and manage security.
Advanced Threat Protection: The discussion covered Windows Defender ATP and threat management tools
for dealing with advanced security threats.
Privacy Settings: We also looked at controls for managing data collection and maintaining privacy.
In summary, this module provided a thorough understanding of Windows operations and the various security tools
available to protect and secure the system.
Linux Fundamentals
In this module on Linux Fundamentals, I explored the history and development of Linux, which began with Linus
Torvalds’s creation of the kernel in 1991. Since then, Linux has evolved into a vital component of more than 600
distributions, including well-known ones like Ubuntu and Fedora. The module covered the diverse array of Linux
distributions, from general-purpose and enterprise options to rolling releases and security-focused versions, ensuring
there's a suitable distribution for various needs and hardware configurations.
I also delved into the Linux shell, an essential command-line interface that allows users to execute commands, manage
files and processes, and automate tasks through scripting. The module highlighted key shell types like Bash, Zsh, and
Fish, each offering unique features to enhance user interaction with the system.
Command Execution: The shell enables users to run commands, execute programs, and manage processes.
Scripting: It supports scripting languages for task automation, allowing users to combine commands and
incorporate control flow elements like loops and conditionals for more complex operations.
File Management: The shell provides commands to create, delete, copy, and move files and directories.
Process Management: Users can start, stop, manage processes, and monitor system performance through the
shell.
Environment Customization: Users can set environment variables and personalize their work environment,
including configuring the command prompt and default commands.
Bash (Bourne Again Shell): The most popular shell, known for its robust scripting capabilities and
comprehensive features.
Zsh (Z Shell): Offers advanced features like improved tab completion and extensive customization options.
Fish (Friendly Interactive Shell): Emphasizes user-friendliness with features like syntax highlighting and
automatic suggestions.
Dash (Debian Almquist Shell): A fast, lightweight shell often used for system scripting.
Ksh (Korn Shell): Provides advanced scripting features and compatibility with the Bourne shell.
Tcsh (Tenex C Shell): An enhanced version of the C shell, including command-line editing and programmable
completion.
Setting Up
In this module, I focused on optimizing the preparation phase for penetration testing, covering essential technologies
and setup procedures. The key areas of study included:
The module emphasized practical engagement, using example commands and outputs to solidify concepts.
Participation is flexible, allowing you to start and stop as needed, provided all exercises and assessments are
completed.
macOS Fundamentals
In the macOS module, I thoroughly explored the operating system’s capabilities, focusing on its practical applications for
penetration testing and system administration. Here’s an overview of what I accomplished:
macOS Overview:
Gained an in-depth understanding of macOS, including its design, features, and integration with Apple’s
ecosystem. I explored key features like Finder, the Dock, Menu Bar, Spotlight, Mission Control, Siri, iCloud, and
Continuity in detail.
System Administration:
System Settings and Preferences: Configured various system settings and preferences, including managing
network connections and handling application updates through native tools and Homebrew.
Filesystem Navigation: Practiced navigating the file system using both Finder and the Command-line Interface
(CLI), mastering essential file management tasks.
Networking: Set up and managed network connections, configured VPNs, used network diagnostic tools, and
handled proxies and DNS settings.
Application Management:
Installed and updated applications using the App Store and Homebrew, ensuring effective software
management.
Security Considerations:
Implemented security measures to harden the macOS environment and conducted monitoring to enhance
system security.
macOS Specifics:
Explored the macOS system structure, file system specifics, and permissions management. I also effectively
administered macOS services and applications.
Practical Exercises:
Completed hands-on exercises that reinforced my skills in using the CLI for file management, system
administration, and network configuration. These exercises included practical command usage and
troubleshooting techniques.
Bash Scripting
Throughout the module, I practiced commands and scripts in a terminal environment to reinforce my understanding and
apply concepts to real-world scenarios. In the Bash Scripting module, I focused on fundamental concepts and
practical exercises to enhance my skills in creating and managing bash scripts. Here’s a summary of what I covered:
Introduction to Bash:
Bash Basics: I learned that Bash is a scripting language used for automating tasks and executing commands
within the terminal on Linux and macOS. Key elements included understanding the #!/bin/bash shebang line
and executing scripts using chmod +x and ./.
Basic Scripting:
Syntax and Commands: I practiced creating simple bash scripts, using commands like echo to output text and ls
to list directory contents.
Comments: I utilized the # symbol to comment out lines of code in my scripts.
Variables:
Definition and Usage: I defined and utilized variables in Bash, such as name="Jammy" and accessed them with
$name. I also explored debugging techniques using bash -x and set -x to troubleshoot scripts.
Parameters:
Command-Line Arguments: I learned to handle parameters passed to scripts, using $1 for the first argument
and $2 for the second. I practiced interactive input with the read command and managed multiple arguments.
Arrays:
Creating and Managing Arrays: I created arrays, such as transport=('car' 'train' 'bike' 'bus'), and performed
operations like printing elements, updating values, and removing items with unset.
Conditionals:
If Statements: I implemented conditional statements to check file attributes and control script behavior based on
conditions. I wrote scripts to check if files existed and whether they were writable, making decisions
accordingly.
Practical Applications:
Scripts and Projects: I created and tested various scripts for simple tasks, such as outputting text, and more
complex ones involving file management and interactive input. I also developed a basic guessing game and a
file management script using conditionals.
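As an added example (not one of the scripts from the module), the script below pulls the constructs summarised above into one file: a variable with a default taken from $1, the module's transport array with one element removed via unset, file-attribute conditionals, the comparison logic of a guessing game, and read used only when a terminal is attached. The function names are my own.

```bash
#!/bin/bash
# Added example, not code from the HTB module: variables, positional
# parameters, arrays, unset, file-attribute and numeric conditionals, read.

# Classify a path with the file tests from the module. Prints one word so a
# caller can capture it with $(...). -w reflects the caller's own permissions.
classify_path() {
    local target="$1"                  # first positional parameter
    if [ ! -e "$target" ]; then
        echo "missing"
    elif [ -d "$target" ]; then
        echo "directory"
    elif [ -w "$target" ]; then
        echo "writable-file"
    else
        echo "readonly-file"
    fi
}

# Guessing-game logic: compare two integers with -lt / -gt.
check_guess() {
    local secret="$1" guess="$2"
    if [ "$guess" -lt "$secret" ]; then
        echo "too low"
    elif [ "$guess" -gt "$secret" ]; then
        echo "too high"
    else
        echo "correct"
    fi
}

# Start from the module's transport array, drop one element with unset and
# print what is left (indices keep a gap, but "${arr[@]}" skips it).
transport_without() {
    local drop="$1" i
    local transport=('car' 'train' 'bike' 'bus')
    for i in "${!transport[@]}"; do
        [ "${transport[$i]}" = "$drop" ] && unset "transport[$i]"
    done
    echo "${transport[@]}"
}

# Demo when run directly (skipped when the functions are sourced).
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    name="${1:-Jammy}"                 # $1 with a default, as in the module
    echo "Hello, $name"
    tmp=$(mktemp)
    echo "$tmp is a $(classify_path "$tmp"); /no/such is $(classify_path /no/such)"
    rm -f "$tmp"
    echo "transport without train: $(transport_without train)"
    if [ -t 0 ]; then                  # only prompt when a terminal is attached
        read -rp "Guess a number between 1 and 10: " guess
        check_guess 7 "$guess"
    fi
fi
```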
Introduction to Offensive Security
I recently finished the "Intro to Offensive Security" module on TryHackMe, which offered a thorough introduction to
offensive security techniques and practices. Here’s a brief overview of what I accomplished:
Terminal Access: I learned to navigate the terminal in Kali Linux, a crucial skill for performing various
tasks through the command-line interface. This was my first step in understanding how to interact with
systems without relying on a graphical user interface.
Using GoBuster: I practiced using GoBuster to uncover hidden web pages on a target site. By executing the
command gobuster -u <target> -w wordlist.txt dir, I was able to reveal directories and pages that are not visible
during regular browsing. This exercise highlighted how hidden admin panels can pose security risks if not
adequately secured.
Exploiting Vulnerabilities:
Accessing and Using Hidden Pages: A key exercise involved discovering a hidden /bank-transfer page on the
FakeBank website. This page allowed unauthorized money transfers, demonstrating how such vulnerabilities can
be exploited. I conducted a simulated transfer, resulting in the flag “BANK-HACKED,” which illustrated the
real-world implications of these security flaws.
Offensive vs. Defensive Security: The module emphasized the distinctions between offensive and defensive
security. I learned that offensive security entails actively searching for and exploiting vulnerabilities to identify
and fix weaknesses before malicious hackers can take advantage of them. Conversely, defensive security
focuses on safeguarding systems from attacks and responding to potential threats.
Introduction to Defensive Security
I recently completed the "Intro to Defensive Security" module on TryHackMe, which offered an in-depth exploration of
defensive security strategies and practices. Here’s a summary of what I learned and accomplished:
Offensive Security: This involves actively breaking into systems by exploiting vulnerabilities, weak
configurations, or poor access controls, typically conducted by red teams and penetration testers.
Defensive Security: This focuses on preventing, detecting, and responding to intrusions. Key tasks include
educating users, managing assets, applying updates, implementing preventative devices, and monitoring
systems.
User Cyber Security Awareness: Training users to recognize and avoid potential cyber threats.
Asset Management: Keeping an inventory of all systems and devices for effective management and security.
Updating and Patching: Regularly updating systems to protect against known vulnerabilities.
Preventative Security Devices: Implementing Intrusion Prevention Systems (IPS) and firewalls to block
malicious traffic.
Logging and Monitoring: Setting up systems to detect and analyze suspicious activities and unauthorized
devices.
Role of SOC: A SOC monitors network systems to identify and respond to malicious events. Key focus areas
include:
Vulnerabilities: Identifying and addressing system weaknesses.
Policy Violations: Ensuring compliance with security policies.
Unauthorized Activity: Detecting and blocking unauthorized access.
Network Intrusion: Identifying intrusions and preventing damage.
Threat Intelligence:
Purpose: To gather and analyze data to prepare for potential threats. This process involves collecting data from
various sources, processing it, and analyzing it to understand attackers’ tactics and motivations.
Digital Forensics and Incident Response (DFIR) Components
Digital Forensics: This involves investigating digital evidence from systems and networks to gain insights into
cyber attacks.
Incident Response: This refers to managing and mitigating the impact of cyber incidents. The process
encompasses several stages, including preparation, detection and analysis, containment, eradication, recovery, and
post-incident activities.
Malware Analysis: This entails understanding malicious software through static and dynamic analysis to
determine its functionality and how to effectively combat it.
Threat Hunting Introduction
In this section, I explored the rationale behind Threat Hunting, focusing on the reasons for its practice:
1. Proactive Threat Detection: This highlights the necessity of actively searching for malicious actors before they
can carry out their plans, given that threats are a constant and evolving presence in the security landscape.
2. Discovering Hidden Threats: Threat Hunting can reveal malicious activities that bypass existing detection
mechanisms. Once these threats are identified, they prompt Incident Response and help improve overall
security monitoring.
3. Reducing Dwell Time: Emphasized the importance of minimizing the time attackers remain undetected within an
environment. Reducing dwell time limits potential damage and decreases the opportunities for attackers to exploit
the environment further.
4. Enhancing Detection Methods: Discussed the importance of using insights gained from Threat Hunting to
refine detection mechanisms. This continuous feedback loop ensures that future threats, particularly those that
were previously undetectable, are identified and addressed more effectively.
Introduction to SIEM
In this module, I explored the fundamentals of Security Information and Event Management (SIEM) through
TryHackMe’s SOC Level 1 path. Here’s a summary of what we covered:
What is SIEM?
1. Definition and Purpose: SIEM, or Security Information and Event Management, collects and centralizes data
from various network devices and endpoints, correlating the information to facilitate the detection of security
incidents.
2. Host-Centric vs. Network-Centric Logs: We differentiated between logs generated by individual hosts (e.g.,
Windows Event logs, Sysmon) and network activities (e.g., SSH, VPN). The module explained how SIEM
enhances visibility by aggregating and analyzing these diverse logs.
3. Types of Logs: Common log sources from Windows, Linux, and web servers were identified. We discussed
methods of log ingestion, including agents, Syslog, manual uploads, and port forwarding.
4. Key Features: The module highlighted SIEM’s capabilities, such as real-time log ingestion, alerting, monitoring,
threat detection, and data visualization. We emphasized SIEM’s role in correlating data and providing actionable
insights.
5. Dashboards and Correlation Rules: We discussed the importance of dashboards for summarizing data and
correlation rules for threat detection. Examples of these rules and how they trigger alerts were provided.
Lab Work
1. Practical Application: I engaged in a hands-on lab where I identified and analyzed suspicious activity using
SIEM. Tasks included recognizing the processes causing alerts, understanding the event logs, and validating
alerts as true or false positives.
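Added example, not material from the room: a correlation rule of the kind described above, written as a small awk filter and run over constructed sshd log lines (a network-centric source; the hostname, addresses and user names are made up). It raises one alert when a source reaches a failure threshold and a second, higher-value alert when a login follows several failures from the same source, while a user who mistypes a password twice stays below the threshold and produces no alert.

```bash
#!/bin/bash
# Added example, not from the TryHackMe room: a tiny correlation rule of the
# kind a SIEM evaluates, run over constructed sshd lines (a network-centric
# log source). The log lines, hostname and addresses are all made up.

# Emit the constructed sample log. 203.0.113.5 fails five times and then
# logs in; 198.51.100.7 mistypes twice and then logs in (a normal user).
sample_log() {
    cat <<'EOF'
Mar 10 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar 10 10:00:03 web01 sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 51124 ssh2
Mar 10 10:00:05 web01 sshd[1205]: Failed password for root from 203.0.113.5 port 51126 ssh2
Mar 10 10:00:07 web01 sshd[1207]: Failed password for alice from 203.0.113.5 port 51128 ssh2
Mar 10 10:00:09 web01 sshd[1209]: Failed password for alice from 203.0.113.5 port 51130 ssh2
Mar 10 10:00:11 web01 sshd[1211]: Accepted password for alice from 203.0.113.5 port 51132 ssh2
Mar 10 10:02:00 web01 sshd[1220]: Failed password for bob from 198.51.100.7 port 40000 ssh2
Mar 10 10:02:04 web01 sshd[1221]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Mar 10 10:02:09 web01 sshd[1222]: Accepted publickey for bob from 198.51.100.7 port 40004 ssh2
EOF
}

# Two correlation rules over stdin, one ALERT line per match:
#   ssh_brute_force         - a source reaches THRESH failed passwords
#   ssh_brute_force_success - a source logs in after at least MINFAIL failures
# The second rule is the one an analyst would escalate first; bob's two
# typos stay below MINFAIL and produce nothing (tuning out a false positive).
correlate_ssh() {
    awk -v THRESH="${1:-5}" -v MINFAIL="${2:-3}" '
    # Pull the user and source address out of an sshd auth line.
    function src_user(   i) {
        for (i = 1; i <= NF; i++)
            if ($i == "from") { SRC = $(i + 1); USER = $(i - 1); return }
    }
    /sshd\[[0-9]+\]: Failed password for/ {
        src_user(); fail[SRC]++
        if (fail[SRC] == THRESH + 0)
            printf "ALERT rule=ssh_brute_force src=%s failures=%d\n", SRC, fail[SRC]
    }
    /sshd\[[0-9]+\]: Accepted [a-z]+ for/ {
        src_user()
        if (fail[SRC] >= MINFAIL + 0)
            printf "ALERT rule=ssh_brute_force_success src=%s user=%s failures=%d\n",
                   SRC, USER, fail[SRC]
        fail[SRC] = 0            # success closes the sequence for that source
    }'
}

# Demo when run directly.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    sample_log | correlate_ssh
fi
```

Lowering both thresholds (for example correlate_ssh 2 2) makes bob's two typos fire as well, which is the kind of false positive the lab asked us to recognise and tune out.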