TryHackMe Health Hazard Full Walkthrough 2025 | Threat Hunting Simulator | Supply Chain | Splunk
Author: Djalil Ayed
Uploaded: 2025-07-25
Views: 1655
Description:
🚩🚩 Supply Chain Compromise - Command and Scripting Interpreter - Boot or Logon Autostart Execution
🧸🧸 Room Link: https://tryhackme.com/threat-hunting-...
🐻❄️🚩 Scenario overview 🐻❄️🚩
After months of juggling content calendars and caffeine-fueled brainstorming, co-founder Tom Whiskers finally carved out time to build the company’s first website. It was supposed to be simple: follow a tutorial, install a few packages, and bring the brand to life with lightweight JavaScript magic.
But between sleepless nights and copy-pasted code, Tom started feeling off. Not sick exactly, just off. The terminal scrolled with reassuring green text, the site loaded fine, and everything looked normal.
Then, a strange file appeared on the system. No one could say where it came from. It wasn’t part of the tutorial, didn’t match any known dependencies, and didn’t even run.
It just waited.
😸 Scenario objectives 😸
🍃 Determine how a threat actor first gained a foothold on the system. Identify suspicious activity that may point to the initial compromise method.
🍃 Investigate signs of malicious execution following the initial access. Analyse the logs and system behaviour to uncover the attacker's actions.
🍃 Identify any mechanisms the attacker used to maintain access across system restarts or user sessions. Look for indicators of persistence that could allow long-term control.
#tryhackme #windowsthreat #DFIR #splunk
⚠️ Educational Purpose Only
This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems.