Cybersecurity, TryHackMe, SOC, DFIR, Malware Analysis, Blue Team


🔍 Introduction

In the ever-evolving world of cybersecurity, understanding how to defend systems is just as crucial as knowing how to attack them. After completing the Offensive Security room in TryHackMe, we now shift focus to its counterpart: Defensive Security.

This room provides a hands-on introduction to defensive roles like the Blue Team, SOC analysts, and incident responders. Here’s a full walkthrough and the correct answers for each section.

🎯 Task 1: Introduction to Defensive Security

This task introduces the fundamental purpose of defensive security — preventing and detecting intrusions.

✅ Key Topics Covered:

  • Blue Team responsibilities
  • Cybersecurity awareness
  • Patch management
  • Firewalls and IPS
  • Logging and monitoring

📝 Question:
Which team focuses on defensive security?

✅ Answer: Blue Team

🛡️ Task 2: Areas of Defensive Security

This section dives deeper into the critical components of a defensive security infrastructure:

🧠 Security Operations Center (SOC)

Monitors networks for malicious activity.

  • Focus areas: vulnerabilities, unauthorized activity, policy violations, and intrusions.
  • Uses tools like SIEM to centralize alerting and monitoring.

📊 Threat Intelligence

Helps predict and prepare for attacks by understanding adversaries. Collects and analyzes data from internal logs and public sources.

🧬 Digital Forensics and Incident Response (DFIR)

Investigates what happened during and after an attack. Includes analyzing file systems, system memory, logs, and network packets.

🦠 Malware Analysis

Studies malware to understand how it works and how to stop it. Two approaches: static analysis (examining the sample without running it) and dynamic analysis (running it in a controlled, isolated environment and observing its behaviour).
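Static analysis in practice, as an added example (this is not the room's content or TryHackMe's code): a small Python script that computes file hashes, extracts printable strings and flags simple indicators from a constructed byte blob that merely imitates a suspicious executable. Nothing is executed. The blob, the URL on the reserved `.invalid` domain and the API watch-list are all constructed assumptions.

```python
import hashlib
import re

# Constructed stand-in for a suspicious file. These bytes are NOT a real sample;
# they only imitate the kinds of artefacts a static pass looks for.
SAMPLE_BYTES = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\x00"
    + b"\x00\x01\x02"
    + b"http://malware-c2.invalid/beacon\x00"   # .invalid is a reserved, never-resolvable TLD
    + b"CreateRemoteThread\x00"
    + b"\x7f\x00notepad.exe\x00"
)

# Assumption: a short watch-list of Win32 APIs commonly associated with process injection.
SUSPICIOUS_APIS = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"}


def file_hashes(data: bytes) -> dict:
    """Hashes identify the sample and let an analyst look it up in threat-intel sources."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII of at least min_len bytes (what the `strings` tool does)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def static_indicators(data: bytes) -> dict:
    """Pull out file type, embedded URLs and suspicious API names without running the sample."""
    strings = extract_strings(data)
    return {
        "is_pe": data[:2] == b"MZ",  # DOS/PE executables start with the 'MZ' magic bytes
        "urls": [s for s in strings if re.match(r"https?://", s)],
        "suspicious_apis": sorted(s for s in strings if s in SUSPICIOUS_APIS),
    }


def static_report(data: bytes) -> dict:
    """Combine hashes, indicators and a string count into one triage-style summary."""
    report = file_hashes(data)
    report.update(static_indicators(data))
    report["string_count"] = len(extract_strings(data))
    return report


if __name__ == "__main__":
    for key, value in static_report(SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```

Everything here is derived from the bytes on disk, which is the defining property of static analysis; the embedded URL and injection-related API name are exactly the sort of leads that would then be confirmed (or ruled out) by running the sample in a sandbox during dynamic analysis.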

📝 Questions:
What would you call a team of cyber security professionals that monitors a network and its systems for malicious events?
✅ Answer: Security Operations Center

What does DFIR stand for?
✅ Answer: Digital Forensics and Incident Response

Which kind of malware requires the user to pay money to regain access to their files?
✅ Answer: ransomware

🖥️ SIEM Simulation Task

This section is where you experience being a SOC analyst firsthand. You’re provided with a simulated SIEM dashboard, and your goal is to review alerts and find a specific flag.

A SIEM (Security Information and Event Management) system collects logs and alerts from various sources to centralize threat detection and analysis.

🔎 Key Simulation Steps:

  • Investigate failed login attempts
  • Look into unknown IP connections
  • Determine which events are false positives vs real threats
  • Locate the threat that was blocked successfully
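The four triage steps above, as an added worked example (not the room's simulated dashboard or any TryHackMe code): a Python script over constructed SIEM-style alert records that counts failed logins per user, flags sources outside an assumed asset inventory, separates false positives from events worth investigating, and pulls out the event the controls already blocked. The event fields, IP addresses (all from documentation ranges), the inventory and the failed-login threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample alerts (not taken from the room); fields mimic a minimal SIEM record.
SAMPLE_EVENTS = [
    {"time": "09:01:12", "event": "login_failure",       "user": "alice",      "src_ip": "10.0.0.5",      "action": "allowed"},
    {"time": "09:01:40", "event": "login_success",       "user": "alice",      "src_ip": "10.0.0.5",      "action": "allowed"},
    {"time": "09:05:03", "event": "login_failure",       "user": "bob",        "src_ip": "198.51.100.23", "action": "allowed"},
    {"time": "09:05:09", "event": "login_failure",       "user": "bob",        "src_ip": "198.51.100.23", "action": "allowed"},
    {"time": "09:05:15", "event": "login_failure",       "user": "bob",        "src_ip": "198.51.100.23", "action": "allowed"},
    {"time": "09:05:21", "event": "login_failure",       "user": "bob",        "src_ip": "198.51.100.23", "action": "allowed"},
    {"time": "09:10:44", "event": "outbound_connection", "user": "svc-backup", "src_ip": "10.0.0.7",      "action": "allowed"},
    {"time": "09:12:30", "event": "malware_detected",    "user": "carol",      "src_ip": "203.0.113.9",   "action": "blocked"},
]

KNOWN_INTERNAL_IPS = {"10.0.0.5", "10.0.0.7"}  # assumption: asset inventory of expected hosts
FAILED_LOGIN_THRESHOLD = 3                     # assumption: tuning value; a real SOC sets this per environment


def failed_logins_by_user(events):
    """Step 1: count login_failure events per user so repeated failures stand out."""
    return Counter(e["user"] for e in events if e["event"] == "login_failure")


def events_from_unknown_ips(events, known_ips):
    """Step 2: return events whose source address is outside the known inventory."""
    return [e for e in events if e["src_ip"] not in known_ips]


def classify(event, failure_counts, known_ips, threshold):
    """Steps 3 and 4: give one event a verdict of false_positive, investigate or blocked_threat."""
    if event["action"] == "blocked":
        return "blocked_threat"            # the control already stopped it; record and confirm
    if event["event"] == "login_failure" and failure_counts[event["user"]] >= threshold:
        return "investigate"               # repeated failures look like password guessing
    if event["src_ip"] not in known_ips:
        return "investigate"               # unexpected source, needs an analyst's eyes
    return "false_positive"                # one-off failure or normal activity from a known host


def triage(events, known_ips=KNOWN_INTERNAL_IPS, threshold=FAILED_LOGIN_THRESHOLD):
    """Annotate every event with its verdict, preserving the original order."""
    counts = failed_logins_by_user(events)
    return [dict(e, verdict=classify(e, counts, known_ips, threshold)) for e in events]


def blocked_threats(events, **kwargs):
    """Convenience view for step 4: only the events that were blocked successfully."""
    return [e for e in triage(events, **kwargs) if e["verdict"] == "blocked_threat"]


if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(f'{row["time"]} {row["event"]:20} {row["user"]:11} {row["src_ip"]:15} -> {row["verdict"]}')
```

The verdict order matters: a blocked event is classified first because it is already contained and only needs confirmation, while allowed events are escalated on volume (repeated failures) or on provenance (an unknown source). In a real SIEM the threshold and inventory would come from tuning and asset management rather than constants.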

🎯 Final Question:
What is the flag that you obtained by following along?
✅ Answer: THM{THREAT-BLOCKED}

🧭 What’s Next?

You’ve now completed the Defensive Security role room and explored the core defensive components of cybersecurity. From understanding alert handling in a SOC to diving into malware analysis, this room sets the foundation for Blue Team roles.

✅ Up next: TryHackMe’s Search Skills room — a perfect companion to boost your cyber investigation capabilities.

🙌 Final Thoughts

The “Defensive Security” room by TryHackMe is a must for anyone looking to explore the world of Blue Team operations. Whether you’re preparing for a career in SOC analysis or just getting started in cybersecurity, this room provides the hands-on experience that traditional textbooks just can’t offer.

Feel free to leave a comment or reach out if you’re also on the Blue Team path. Let’s defend the digital frontier together! 🛡️💻