Hello world and welcome to HaXeZ, where today we’re continuing the Red Team path on TryHackMe and looking at OPSEC. In essence, TryHackMe is a digital playground that lets you level up and test out your hacking skills. For this reason, I would recommend everyone who is interested in Cybersecurity and hacking go and check it out as there is always something new to learn.
Task 1 – Introduction
The first task in this room is the standard introduction, although this one does have more technical information than the previous introduction rooms. The author discusses a term coined by the United States military known as OPSEC. Furthermore, they explain how OPSEC can be broken down into five steps: Critical Information, Threats, Vulnerabilities, Risks, and Countermeasures.
Task 2 – Critical Information Identification
The next task discusses critical information identification. Moreover, the author explains what a Red Team might consider critical information. For example, the Red Team’s capabilities, activities, and limitations could all be considered critical information if the Blue Team were to learn them.
Task 3 – Red Team Threat Analysis
Task 3 covers threat analysis and explains that it can be broken down into the following questions:
- Who is the adversary?
- What are the adversary’s goals?
- What tactics, techniques, and procedures does the adversary use?
- What critical information has the adversary obtained, if any?
With that in mind, the author discusses how the Blue Team could be considered a threat. To explain, if the Blue Team were to learn the TTPs of the Red Team, they would be able to mitigate them.
Task 4 – Vulnerability Analysis
The fourth task discusses vulnerability analysis, but not in the traditional sense of analyzing system vulnerabilities on a computer. In short, OPSEC vulnerability analysis is analyzing when an adversary can obtain critical information, analyze their findings, and act in a way that would jeopardize your plan.
Task 5 – Red Team Risk Assessment
The purpose of a Red Team risk assessment is, funnily enough, to assess risk. The author explains that the risk could be using the same IP address to perform Nmap scans, exploit with Metasploit, and run a phishing campaign. Consequently, if a member of the Blue Team were to identify that single IP address, they could block it and disrupt all operations.
Task 6 – Countermeasures
In task 6 the author discusses countermeasures. Specifically, they revisit the previous example of scanning, exploiting, and phishing from the same IP address. In short, they explain that countermeasures should be deployed so that not every area is affected if one IP address gets blocked.
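To show why tasks 5 and 6 treat a shared IP address as a single point of failure, here is an added example from the Blue Team side (not code from the room or from this post): it correlates constructed firewall, web-server and mail-gateway log lines by source address and flags any source seen in more than one phase. The log format, addresses and scan threshold are all assumptions made for the example.

```python
# Added example, not from the TryHackMe room or the blog post: the room's risk
# is one IP reused for Nmap scans, Metasploit exploitation and phishing. From
# the Blue Team side that reuse is what a simple source-IP correlation surfaces.
# All log lines, addresses and thresholds are constructed for illustration.
import re
from collections import defaultdict

SAMPLE_LOGS = [  # constructed events from three hypothetical log sources
    # firewall: several distinct denied ports from one source (port scan)
    "fw src=203.0.113.10 dst=10.0.0.5 dport=22 action=deny",
    "fw src=203.0.113.10 dst=10.0.0.5 dport=80 action=deny",
    "fw src=203.0.113.10 dst=10.0.0.5 dport=443 action=deny",
    "fw src=203.0.113.10 dst=10.0.0.5 dport=8080 action=deny",
    # web server: a request the IDS tagged as an exploit attempt
    "web src=203.0.113.10 path=/cgi-bin/status ids=exploit_attempt",
    # mail gateway: a phishing mail relayed from the same address
    "mail src=203.0.113.10 from=it-support@example.net verdict=phish",
    # unrelated benign traffic from a different source
    "fw src=198.51.100.7 dst=10.0.0.5 dport=443 action=allow",
    "web src=198.51.100.7 path=/index.html ids=none",
]
SCAN_PORT_THRESHOLD = 3  # distinct denied ports before a source counts as scanning


def classify(lines):
    """Map each source IP to the set of phases it was seen in: scan/exploit/phish."""
    denied_ports = defaultdict(set)
    activity = defaultdict(set)
    for line in lines:
        fields = dict(re.findall(r"(\w+)=(\S+)", line))  # key=value pairs
        src = fields.get("src")
        if src is None:
            continue
        if line.startswith("fw ") and fields.get("action") == "deny":
            denied_ports[src].add(fields["dport"])
        elif line.startswith("web ") and fields.get("ids") == "exploit_attempt":
            activity[src].add("exploit")
        elif line.startswith("mail ") and fields.get("verdict") == "phish":
            activity[src].add("phish")
    for src, ports in denied_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            activity[src].add("scan")
    return dict(activity)


def single_points_of_failure(activity):
    """Sources seen in more than one phase: blocking that one IP disrupts all of them."""
    return sorted(src for src, cats in activity.items() if len(cats) > 1)
```

Running `single_points_of_failure(classify(SAMPLE_LOGS))` returns the one reused address; splitting the three phases across separate addresses leaves the list empty, which is the countermeasure task 6 describes.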
Task 7 – More Practical Examples
While the information in this section was great, I thought the questions were awful. I will expand upon that in a moment. This section covers more practical examples, such as disguising your computer’s operating system so it isn’t easily identified as a threat. The information here is great: it explains how changing your hostname so that it isn’t something like Kali2021vm or Attack Box would be a good step. However, the questions in this room seemed unnecessarily obscure. If your questions are difficult due to the way they are worded and how you answer them, then are you really testing the reader’s knowledge? It may just be me, but these questions slowed my progress significantly as it wasn’t immediately obvious which answer belonged to which question or how to even answer them.
Answers: 4 5 2 3 1 1 5 4 3 2 5 2 4 3 1 2 3 1 5 4
Task 8 – Red Team OPSEC Summary/Conclusions
With the exception of the questions in Task 7, I enjoyed this room a lot. It allowed me to think about the Red Team from a different perspective. It was interesting to follow the thought process of a Red Team having to keep their own stuff secure and analyze their own risks. It’s easy to overlook this side of things, as the Red Team is the offensive team, and it hadn’t occurred to me that they too need to play defensively. Anyway, great room. I hate to criticize the questions in task 7, as the creator is far more knowledgeable than me and the content thus far has been amazing. However, that section completely interrupted the flow of the room.