
Threat Intelligence Tools

This is a write-up of the TryHackMe room "Threat Intelligence Tools".

Task 1 : Room Outline

This room will cover the concepts of Threat Intelligence and various open-source tools that are useful. The learning objectives include:

  • Understanding the basics of threat intelligence and its classifications.
  • Using UrlScan.io to scan for malicious URLs.
  • Using Abuse.ch to track malware and botnet indicators.
  • Investigating phishing emails using PhishTool.
  • Using Cisco’s Talos Intelligence platform for intel gathering.

Answer the questions below

Read and mark Completed

Task 2 : Threat Intelligence

Threat Intelligence is the analysis of data and information, using tools and techniques, to identify meaningful patterns that show how to mitigate the risks posed by existing or emerging threats targeting organisations, industries, sectors or governments.

To mitigate those risks, start by trying to answer a few simple questions:

  • Who’s attacking you?
  • What’s their motivation?
  • What are their capabilities?
  • What artefacts and indicators of compromise should you look out for?

Threat Intelligence Classifications:

Threat Intel is geared towards understanding the relationship between your operational environment and your adversary. With this in mind, we can break down threat intel into the following classifications:

  • Technical Intel: Looks into evidence and artefacts of attack used by an adversary. Incident Response teams can use this intel to create a baseline attack surface to analyse and develop defence mechanisms.
  • Tactical Intel: Assesses adversaries’ tactics, techniques, and procedures (TTPs). This intel can strengthen security controls and address vulnerabilities through real-time investigations.
  • Operational Intel: Looks into an adversary’s specific motives and intent to perform an attack. Security teams may use this intel to understand the critical assets available in the organisation (people, processes, and technologies) that may be targeted.
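Technical intel only earns its keep once the artefacts are matched against your own telemetry. The script below is an added example, not part of the TryHackMe room or of any abuse.ch tooling: it loads a constructed feed in the URLhaus CSV export layout (the column order is assumed from the public export; the URLs are invented and use the reserved `.invalid` TLD), then sweeps a few constructed web-proxy log lines for hits, first by exact URL and then by hostname so that a path-specific indicator still fires when only the host appears in the log.

```python
import csv
from urllib.parse import urlparse

# Constructed sample feed in the URLhaus CSV column layout (assumed column order).
# Every URL here is made up for the example; none is a real indicator.
URLHAUS_CSV = """\
# id,dateadded,url,url_status,last_online,threat,tags,urlhaus_link,reporter
"1","2024-01-01 10:00:00","http://malware.example.invalid/payload.exe","online","2024-01-01 10:00:00","malware_download","exe,loader","https://urlhaus.abuse.ch/url/1/","reporter1"
"2","2024-01-02 11:00:00","http://c2.example.invalid/gate.php","offline","2024-01-02 11:00:00","malware_download","botnet","https://urlhaus.abuse.ch/url/2/","reporter2"
"""

# Constructed proxy log: "<epoch> <client_ip> <method> <url> <http_status>" (hypothetical format).
PROXY_LOG = """\
1704103200 10.0.0.5 GET http://www.example.org/index.html 200
1704103260 10.0.0.7 GET http://malware.example.invalid/payload.exe 200
1704103300 10.0.0.9 POST http://c2.example.invalid/other.php 404
1704103360 10.0.0.5 GET http://benign.example.net/ 200
"""

FEED_FIELDS = ["id", "dateadded", "url", "url_status", "last_online",
               "threat", "tags", "urlhaus_link", "reporter"]


def load_urlhaus(csv_text):
    """Parse a URLhaus-style CSV into lookup tables keyed by full URL and by hostname."""
    by_url, by_host = {}, {}
    # The export carries '#'-prefixed comment lines; csv.reader accepts any iterable of lines.
    data_lines = (ln for ln in csv_text.splitlines() if ln and not ln.startswith("#"))
    for row in csv.reader(data_lines):
        if len(row) != len(FEED_FIELDS):
            continue  # skip malformed rows instead of crashing the whole sweep
        rec = dict(zip(FEED_FIELDS, row))
        rec["tags"] = [t for t in rec["tags"].split(",") if t]
        url = rec["url"].strip()
        by_url[url] = rec
        host = urlparse(url).hostname
        if host:
            by_host.setdefault(host.lower(), []).append(rec)
    return {"by_url": by_url, "by_host": by_host}


def match_proxy_log(log_text, intel):
    """Return one hit per log line whose URL or host appears in the feed."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, method, url, status = parts
        host = (urlparse(url).hostname or "").lower()
        if url in intel["by_url"]:
            rec, kind = intel["by_url"][url], "url"
        elif host in intel["by_host"]:
            rec, kind = intel["by_host"][host][0], "host"  # weaker match: host only
        else:
            continue
        hits.append({"ts": ts, "client": client, "method": method, "url": url,
                     "match": kind, "threat": rec["threat"], "tags": rec["tags"],
                     "ref": rec["urlhaus_link"]})
    return hits


if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG, load_urlhaus(URLHAUS_CSV)):
        print(f'{hit["ts"]} {hit["client"]} {hit["match"]:4} {hit["url"]} '
              f'threat={hit["threat"]} tags={",".join(hit["tags"])} ref={hit["ref"]}')
```

A host-only match is deliberately reported as its own kind: a shared hosting provider can put benign and malicious paths on one hostname, so host hits are worth triaging but should carry lower confidence than an exact URL hit.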

Answer the questions below

Read and mark Completed

Task 3 :

This post is licensed under CC BY 4.0 by the author.