#advanced-endpoint-investigations-path
🥳
It's a paid add-on?
Is this beginner-friendly?
I have feedback to send to the admin, but I don't know who to tag, so I'll leave it here.. I think this new learning path logo design looks like BTL2 when the shield has wings.
I would recommend going through DFIR module from SOC1 path beforehand
This looks good.
Done
There are free rooms and premium rooms. Not a paid add on.
Thanks. I'll have a look.
Gave +1 Rep to @slender tendon (current: #2978 - 1)
Understood. It's just I see it in the Cloud Training tagged with "Paid add-on".
Ahh, that doesn't seem right. Thanks for reporting it, I'll get it fixed.
Congrats, great job
Thanks
Gave +1 Rep to @frigid scaffold (current: #1 - 5413)
On my way to becoming a cyber security analyst 4 year goal
Good luck on your journey
@frigid scaffold thanks
Gave +1 Rep to @frigid scaffold (current: #1 - 5451)
Hey I am facing an issue. On the dashboard it is showing 54 % completed. But when I am in the room. It is showing 0% and even the progress bar is not increasing.
Staff members are aware and they're working on fixing the issue
oh okay.
Is anybody else having any issues with the macOS Forensics: Artefacts room and the VM not connecting? I was working this room and the VM just quit connecting.
Done!
Kindly wait for some time, this might be an issue and it will be fixed soon

Ok. No worries
NTFS Analysis. I'm having a problem starting the machine in this room. Help needed.
It's a problem on THM's side, staff members are working on fixing the issue
ok thanks.
Should be fixed now
these rooms are really good 
Is it just me, or is this question worded incorrectly? How can the cluster chain start at F and end at 10? Shouldn't this be the other way around?
We have a hypothetical file B and its cluster chain starts at cluster F and ends at cluster 10. What would be the value of the FAT entry at cluster F? Provide the value as you would read it in the HxD editor (e.g. 00001111). Note: File B is not a file on the image.
You don't need to take modules in order but once you choose a particular module go through in order. For example you can jump straight to mac analysis but once you're there go through mac rooms in order
What room is this?
FAT32 analysis, FAT32 Structure: Reserved and FAT Areas, question 1.
In hexadecimal base notation F < 10 which is 15 < 16 in decimal base notation.
that makes sense, thank you!
Gave +1 Rep to @finite rune (current: #2015 - 2)
d
on MBR Tampering Case, save corrupting files is always save that long?
edit: smth went wrong with thm machine, tried another one and went smooth
Yeah definitely, it teaches a lot of topics related to DFIR
Okay
guys
why amcache.hve on my windows VM appears empty?
"Index was out of range"
The same thing for every registry hive
YES
sfc /scannow helped
weird VM ig
cant check other hives like SOFTWARE, SYSTEM etc. because my system (VM) is using them?
What is the name of the service that lists Systems Internals as the manufacturer?
how can i find it?
which task
2
U want the answer?
i found it
check in hide all microsoft services, then it will show up!
yap
this path looks really good!
yes. just install firefox and browse in private mode.
install kali linux
And run "sudo apt update && sudo apt upgrade -y"
Anybody having issues with the VM for "Diskrupt"? It's so slow!
In https://tryhackme.com/room/expregistryforensics Task 4 : "What is the Computer Name of the computer we are analysing?" is not accepting answer or not the correct format. It asks for 3 letter but in SYSTEM data it shows 5 letter ComputerName "James".
Hi am new here
Wc
Done!
No shit
Calling out one of the *many* nonsensical acronyms in the tech industry! ❤️‍🔥
Nice. Finishing this path just got me under rank 4K!
Hey All, The CTF we ran in June - HoneyNet Collapse, which was built based on this path, is now released and part of the module https://tryhackme.com/module/honeynet-collapse. We will be adding this module to the end of this path and it can act as a capstone module where you can test your skills. If you missed it the first time around, here is your chance to test your skills again!
Hello, I am working on "Windows Incident Surface" Task 8 and i cannot see any ssh connection attempts, anyone can help me?
anybody getting this error in Windows Incident Surface Room?
im unable to use the terminal
i need to use the powershell not the cmd
its working fine now
u can open powershell also as u open cmd prompt
there are no logs for event ID 4624 in Blizzard first task lab
@crystal zinc can someone help?
room link
nvm it's working after restarting the vm
haha yeah, I wrote that room. I'll scream it from the top where I can XD
silly acronyms send tweet xD
I am having the exact same issue. Ran the Get-NetTCPConnection cmdlet multiple times but ssh.exe never showed up. INITIAL_LANTERN.exe and badr.exe come and go from the output but never ssh.exe.
Is there a solution for this that does not involve a walkthrough?
Please I need a mentor in cyber security
Some should help me please
I need mentorship
I also
same here
I think all of us need a mentor, kkk, but it's really hard someone want to teach us, not for free! Maybe if you call someone from this chat to resolve some puzzles together from THM. Both will learn. Sorry about my English, still learning!
If ya all will ask help like this no one ain't going do that
If you're focused or either have hunger of knowledge those people don't wait for others
You're right! The best way it's focus on yourself and study a lot!!
Interesting discussion. What would you expect of a mentor?
Well It should be
Calm Precise
And Non negotiable
He/She should know when to hold when to leave
Hello. Discord newb here. Can someone give me a hint. Task 5 of windows user activity analysis... I can't for the life of me find a second sub-folder within the documents folder.
Hint: look at the last snapshot from that task. The author forgot (tho maybe intentionally) to obfuscate all of the folder names.
Thanks!
Gave +1 Rep to @finite rune (current: #276 - 39)
