Week 3 Lab

Task 1:

1. Let’s get started! • No answer needed

Task 2: Read the task information and watch the attached videos • No answer needed

1. What was the original target of Stuxnet?

Referring to the “hint”:

• Answer: The Iran Nuclear Programme

Task 3:

1. Click the green “View Site” button at the top of this task if you haven’t already done so. • No answer needed – Complete the task on Phishing emails

2. What is the flag?

• Answer: THM{I_CAUGHT_ALL_THE_PHISH}

Task 4:

1. [Research] What currency did the Wannacry attackers request payment in? Answer: Bitcoin

Task 5:

1. Put yourself in the shoes of a malicious hacker. You have managed to dump the password database for an online service, but you still have to crack those hashes! Click the green button at the start of the task to deploy the interactive hash brute-forcer! No answer needed

2. Copy the list of passwords into the “Password List” field of the hash cracker, then click “Go”!

3. The hash cracker should find the password that matches the target hash very quickly. What is the password? Answer: TryHackMe123!

4. In the next task we will look at some of the common account protection measures, as well as how to generate secure passwords. No answer needed

Task 6:

1. Where you have the option, which should you use as a second authentication factor between SMS based TOTPs or Authenticator App based TOTPs (SMS or App)? Answer: App

Task 7:

1. Deploy the interactive content by clicking the green button at the top of the task. No answer needed

2. The interactive content for this task demonstrates what can happen if information is sent over a potentially unsafe network with various types of encryption (or lack thereof). There is no flag for this task, but you are encouraged to try each of the different scenarios, mixing and matching the options provided in the control box at the bottom right of the screen. No answer needed

Task 8:

1. What is the minimum number of up-to-date backups you should make? Answer: 3

1. Of these, how many (at minimum) should be stored in another location? Answer: 1

Task 9:

(Optional) Complete the Blue room on TryHackMe to see the brutal effects of the Eternal Blue exploit in action against an unpatched machine for yourself! No answer needed

Task 10:

To conclude: there are many different options for a malicious attacker to target both individuals and sweeping groups; however, there are remediations for every attack.

Having completed this room, you should hopefully understand a little more about these common attacks and the defences against them. You don’t need to be an expert in computers or cybersecurity to stay safe online: the solutions are simple and well-worth adopting in your personal and professional online interactions.

Answer the questions below I have completed the Common Attacks room! No answer needed

Done!