TryHackme’s Advent of Cyber 2023 — Day 13 Writeup
Intrusion Detection: To the Pots, Through the Walls
Learning Objectives
In today’s task, you will:
- Learn to understand incident analysis through the Diamond Model.
- Identify defensive strategies that can be applied to the Diamond Model.
- Learn to set up firewall rules and a honeypot as defensive strategies.
Analyzing Security Incidents
Let’s delve into recent cyber threat events at Best Festival Company and AntarctiCrafts. While we’ve uncovered clues and artifacts, connecting the dots to identify the attacker remains a challenge. To navigate this, we require a framework for profiling the attacker, understanding their moves, and fortifying our defenses.
Enter the Diamond Model, a security analysis framework utilized by seasoned professionals to unravel the mysteries of adversary operations. Comprising four interconnected facets, it forms a well-orchestrated blueprint of the attacker’s plans:
1. Adversary
2. Victim
3. Infrastructure
4. Capability
Drawing from our insights during Advent of Cyber, we’ll unlock the secrets…