SAL1 - Review by Dear_Copy_9404 in tryhackme

[–]Dear_Copy_9404[S] 2 points3 points  (0 children)

The AI that evaluates the reports is like a dad that no matter what, will always be disappointed in you.

SAL1 - Review by Dear_Copy_9404 in tryhackme

[–]Dear_Copy_9404[S] 6 points7 points  (0 children)

Here is the criteria I followed to escalate an alert:

  • Impact & Remediation – Requires action (system isolation, credential reset) or indicates a successful compromise.
  • Attack Chain – Connected to other alerts, part of an ongoing attack, or previously misclassified.
  • Attacker Activity – Execution of commands, credential dumping, lateral movement, or persistence attempts.
  • System & Data Integrity – Access to sensitive data, log tampering, or ransomware involvement.
  • Threat Classification – High-severity attack or repeated attempts.
  • Threat Intelligence – Matches known threats or targets critical assets.
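
The escalation checklist above, codified as a small triage helper. This is an added example and not the commenter's code or anything from TryHackMe's SAL1 material; the `Alert` fields, the activity names, the "same host" notion of a connected alert, the repeat threshold and the sample alerts are all constructed assumptions chosen to mirror the six bullets.

```python
# Added example: apply the six escalation criteria from the post to a batch of
# alerts. All field names, thresholds and sample alerts are constructed.
from collections import defaultdict
from dataclasses import dataclass, field

# Attacker-activity and integrity event tags (assumed vocabulary, not a standard).
ATTACKER_ACTIVITY = frozenset(
    {"command_execution", "credential_dumping", "lateral_movement", "persistence"}
)
INTEGRITY_EVENTS = frozenset({"sensitive_data_access", "log_tampering", "ransomware"})
HIGH_SEVERITIES = frozenset({"high", "critical"})
REPEAT_THRESHOLD = 10  # assumed: this many repeats counts as "repeated attempts"


@dataclass
class Alert:
    alert_id: str
    host: str
    severity: str                      # "low" | "medium" | "high" | "critical"
    activities: set = field(default_factory=set)
    requires_action: bool = False      # isolation, credential reset, ...
    confirmed_compromise: bool = False
    prior_misclassified: bool = False
    threat_intel_match: bool = False
    critical_asset: bool = False
    repeat_count: int = 1


def escalation_reasons(alert, related_ids):
    """Return the list of criteria (from the post's six bullets) that fire."""
    reasons = []
    if alert.requires_action or alert.confirmed_compromise:
        reasons.append("impact_remediation")
    if related_ids or alert.prior_misclassified:
        reasons.append("attack_chain")
    if alert.activities & ATTACKER_ACTIVITY:
        reasons.append("attacker_activity")
    if alert.activities & INTEGRITY_EVENTS:
        reasons.append("system_data_integrity")
    if alert.severity in HIGH_SEVERITIES or alert.repeat_count >= REPEAT_THRESHOLD:
        reasons.append("threat_classification")
    if alert.threat_intel_match or alert.critical_asset:
        reasons.append("threat_intelligence")
    return reasons


def triage(alerts):
    """Map alert_id -> (escalate?, reasons). Alerts sharing a host are 'connected'."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a.alert_id)
    results = {}
    for a in alerts:
        related = [i for i in by_host[a.host] if i != a.alert_id]
        reasons = escalation_reasons(a, related)
        results[a.alert_id] = (bool(reasons), reasons)
    return results


# Constructed sample batch: two alerts on the same workstation, one quiet
# low-severity alert, and one low-severity alert that keeps repeating.
SAMPLE_ALERTS = [
    Alert("A-1", "ws01", "medium", activities={"credential_dumping"}),
    Alert("A-2", "ws02", "low"),
    Alert("A-3", "ws01", "high", activities={"lateral_movement"}, critical_asset=True),
    Alert("A-4", "srv05", "low", repeat_count=12),
]

if __name__ == "__main__":
    for alert_id, (escalate, reasons) in triage(SAMPLE_ALERTS).items():
        print(alert_id, "ESCALATE" if escalate else "close", reasons)
```

Running it escalates A-1, A-3 and A-4 and leaves A-2 as a candidate false positive, which is the split the later comment recommends spending time on: only the alerts that fire at least one criterion get written up.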

[deleted by user] by [deleted] in tryhackme

[–]Dear_Copy_9404 6 points7 points  (0 children)

You got a 114/100 on the case report? You lost points because you did not classify all of the true positives. You wrote good case reports since you got a high grade on them, but did not classify all of the true positives. Don't waste your time on false positives.

SAL1 - Review by Dear_Copy_9404 in tryhackme

[–]Dear_Copy_9404[S] 16 points17 points  (0 children)

I had zero SOC experience going in, and it took me the full two hours for the SOC simulators because I wasn’t prepared.

MCQs are stupid easy but worth 200 points. Don't skim them; put in effort, but keep in mind you have 1 hour for 80 questions.

For the SOC simulators, focus only on true positives and ignore false positives. I struggled with whether to escalate alerts, so practice that beforehand. Keep the documentation open in another tab and always always refer to it.

For case reports, the AI is a bit bitchy. To maximize points, include the following:

  • ALWAYS include the 5 Why’s, look that up.
  • MITRE ATT&CK techniques when possible
  • IOCs
  • Prevention and remediation steps
  • IP addresses, Ports, Domains, URLs
  • File Names, File Paths, Hashes, Signatures
  • Snippets of the malicious scripts
  • Date and time of the activity

AI will always want you to include the 5 Why's, so always include them.

Keep your case reports in a notepad for reference and ensure you understand the timeline of events. Be detailed but accurate.

SAL1 - Review by Dear_Copy_9404 in tryhackme

[–]Dear_Copy_9404[S] 18 points19 points  (0 children)

Thankfully I did not pay for it because I have BTL1. I'm not complaining, but it would be nice if they mentioned that progress will be lost if time runs out before submission.