TryHackMe: Threat Modelling

Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1%
Difficulty: Easy
Topics: Threat Modelling, MITRE ATT&CK, DREAD, STRIDE, PASTA

Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough.

This room walks through four threat modelling frameworks used by security teams to identify, categorise, and prioritise risks. You apply each framework to realistic organisational scenarios, including a financial services company and an e-commerce payment processor. ...

March 5, 2026 · Mario Martinez Jr.

TryHackMe: Custom Alert Rules in Wazuh

Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1%
Difficulty: Medium
Topics: XDR/SIEM, Rule Syntax, Regex, Threat Detection

Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough.

In this lab, we step into the role of a SOC analyst responsible for fine-tuning a Wazuh deployment. The default rule set captures many common threats, but specialized environments require custom detection logic to identify sophisticated adversary behavior. We focus on modifying the local rules configuration to trigger alerts based on specific log patterns and nested logic. ...

March 3, 2026 · Mario Martinez Jr.

TryHackMe: Logstash — Data Processing Unit

Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1%
Difficulty: Easy/Medium
Topics: Data Normalization, Pipeline Logic, Logstash Plugin Architecture

Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough.

Logstash is the transformation engine of the Elastic Stack. Beats agents ship data efficiently but cannot normalize disparate logs at any meaningful depth. Logstash fills that gap: a server-side pipeline that ingests data from multiple sources and routes it to configured outputs after applying transformation logic. ...

March 2, 2026 · Mario Martinez Jr.

TryHackMe: Fixit

Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1%
Difficulty: Easy/Medium
Topics: Data Visualization, SPL (Search Processing Language), Operational Intelligence

Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough.

In this challenge, we act as a Splunk administrator tasked with repairing a broken data pipeline. The core issue involves a custom application that ingests logs incorrectly. Multi-line events are being fragmented, which ruins data integrity and makes analysis impossible. The fix requires navigating the backend filesystem and correcting the parsing rules that tell Splunk where each multi-line event begins. ...

February 28, 2026 · Mario Martinez Jr.

TryHackMe: Splunk Dashboards and Reports

Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1%
Difficulty: Easy/Medium
Topics: Data Visualization, SPL (Search Processing Language), Operational Intelligence

Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough.

This room covers advanced Splunk capabilities, specifically how to organize data, create recurring reports, and build visual dashboards to monitor security events. ...

February 22, 2026 · Mario Martinez Jr.

TryHackMe: OWASP Top 10 2025 — Insecure Data Handling

Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1%
Difficulty: Easy/Medium
Topics: Cryptographic Failures, Injection (SSTI), Software and Data Integrity Failures

These three vulnerability classes show up in real production applications constantly. Knowing them well is what separates someone who finds a critical bug in a bug bounty program from someone who walks right past it. This walkthrough documents the steps, payloads, and reasoning used to solve each lab. ...

February 20, 2026 · Mario Martinez Jr.