Category: TryHackMe

Task 1  Quick Recap In the previous room, we studied the first five principles of OWASP API Security. Now in this room, we will briefly discuss the remaining principles and their potential impact and mitigation measures. Learning Objectives Learning Pre-requisitesAn understanding of the following topics is recommended before starting the room: Connecting to the MachineWe will be using Windows…

Task 1  Introduction Open Worldwide Application Security Project (OWASP) is a non-profit and collaborative online community that aims to improve application security via a set of security principles, articles, documentation etc. Back in 2019, OWASP released a list of the top 10 API vulnerabilities, which will be discussed in detail, along with its potential impact and a…

This room breaks each OWASP topic down and includes details on the vulnerabilities, how they occur, and how you can exploit them. You will put the theory into practice by completing supporting challenges. The room has been designed for beginners and assumes no previous security knowledge. Task 3  1. Broken Access Control Websites have pages that are protected…

Task 1  Introduction Consider the following example. A prestigious hospital in the UK must ensure that it aligns with all the regulations. You are part of the team responsible for ensuring compliance with the Data Protection Act (2018). One of the requirements is to ensure that patients’ records are kept confidential and protected against unauthorised processing,…

Task 1  Introduction Cloud computing is one of the IT industry’s most common and evolving terms. In simple terms, it means delivering computing services over the internet. The customer does not need to buy and maintain physical data centres and servers in cloud computing. Instead, all services can be used with pay-as-you-go pricing (pay as per the usage…

Task 1  Introduction As computing has become more prevalent in daily life, the need for computing resources, accessibility, and extensibility is larger than ever. With access to computing resources limited, technology has needed to adapt to allow those without direct access to resources to still access modern technology. Thus, cloud computing and virtualization have come to…

A network protocol specifies how two devices, or more precisely processes, communicate with each other. A network protocol is a pre-defined set of rules and processes to determine how data is transmitted between devices, such as end-user devices, networking devices, and servers. The fundamental objective of all protocols is to allow machines to connect and…

Task 1  Introduction Network devices are the building blocks and backbone of today’s contemporary and large-scale networks and systems. The role of network devices is to ensure reliable and efficient transfer, filtering, and management of data across or within networks. Many network devices range from basic layer one hubs or repeaters to layer two switches, layer…

Active Directory (AD) is widely used by almost every big organisation to manage, control and govern a network of computers, servers and other devices. The room aims to teach basic concepts for hardening AD in line with best cyber security practices. Learning Objectives The topics that we will cover in this room include: Prerequisites Before…

Task 1  Introduction The room aims to teach basic concepts required to harden a workstation coupled with knowledge of services/software/applications that may result in hacking a computer or data breach.Learning ObjectivesIdentity & access managementNetwork managementApplication managementStorage & ComputeImportance of updating WindowsCheat sheet for hardening Windows Task 2  Understanding General Concepts Services Windows Services create and manage critical…