
Try Hack Me: Windows Event Logs

Views: 7,869

stuffy24

A day ago

This is the continuation of our Cyber Defense path! This is a very entry-level and great way to start learning defense! This box is all about how to view event logs on Windows and how to investigate them.
If you want to see exclusive content and have the opportunity to game and chat with me about anything check out the patreon!
Patreon to help support the channel! Thank you so much!
/ stuffy24
Hacker Discord
/ discord
Task 1 (00:00:00 - 00:01:20)
Task 2 (00:01:20 - 00:15:30)
Task 3 (00:15:30 - 00:22:50)
Task 4 (00:22:50 - 00:34:00)
Task 5 (00:34:00 - 00:42:45)
Task 6 (00:42:45 - 00:45:25)
Task 7 (00:45:25 - 00:54:00)
Task 8 (00:54:00 - 00:55:00)

Comments: 58
@stuffy24 2 years ago
PowerShell is my favorite way to pull logs! What's yours?!
@Surya000Bhakti-xv4xw 2 months ago
Just a question: how do I copy and paste code into the Windows VM? I tried and it doesn't work.
@stuffy24 2 months ago
@Surya000Bhakti-xv4xw Ctrl+C to copy and Ctrl+V to paste
@tamaraf69 A year ago
I recently had been hacked, or at least caught the start of it, and I know nearly nothing about the Windows Event Logs. This really helped me see how to read them, and I think I'd like to actually work in this area.
@stuffy24 A year ago
That's awesome! So cool to see people learn and progress! Hit me up on the discord and I can give you some paths to get started!
A year ago
XPath really did a number on my head 😅
@DiamondStumpy 10 months ago
Super helpful! It's far better to spend 1 hour learning and watching this way than spending multiple hours just on the box itself.
@stuffy24 10 months ago
Thank you so much!
@sielecassharpe678 4 months ago
I completed this room but it was tough for me. Thank you for your walkthrough; I am going through it again because I want to better understand what I'm doing and how to query these logs. Your walkthrough is super duper helpful and now the material makes way more sense the second time around.
@stuffy24 4 months ago
Glad it helped! That's all I care about
@stuffy24 4 months ago
Make sure to check out the discord as well for further help
@hensolo8825 8 months ago
This is so helpful!!! Thank you! I was so confused with the room alone.
@JDobermann 9 months ago
Thank you man, it was a really discouraging room until I found your video. Great work!
@stuffy24 9 months ago
Thanks so much
@TheSoundEffectZone 8 months ago
Thanks, the room would probably have taken forever if you hadn't uploaded this. Glad you also explained some extra stuff.
@mallorii86110 A year ago
Thank you. I was so stumped on Task 7, mainly because I'm always hesitant to Google, and there were SO many sources at once, some of which no longer work... I wasn't sure what I was meant to already know and what I was "allowed" to look up, if that makes sense. So I really avoided doing it for a few days.
@mallorii86110 A year ago
But once I actually knew what to filter, it wasn't so bad. With finding the downgrade attack, the version being 2.0 was also a giveaway IIRC.
@stuffy24 A year ago
Thank you! I def understand what you mean! That's tough to know when you know something well enough!
@mallorii86110 A year ago
@stuffy24 It was literally making me so stressed for days LMFAO, then it was so simple.
@stuffy24 A year ago
@mallorii86110 literally hacking in a nutshell lol
@DigitalHoplite 5 months ago
Great content!
@user-oo1xh2mi8b 9 months ago
These are actually helpful!!!
@stuffy24 9 months ago
Thank you!
@silentkille4 2 years ago
Really like your videos
@stuffy24 2 years ago
Thank you!
@stuffy24 A year ago
@Mr Robot I can try and take a look at it tonight
@pograva A year ago
@stuffy24 Did you resolve the question? 💪
@stuffy24 A year ago
@pograva I will try to look tonight. Can you hop on the discord and remind me?
@pograva A year ago
@stuffy24 Yes, don't worry 😊. I'm fine doing the combination of the commands, but I think that the question is not very understandable 😔
@JAWbreaker316 6 months ago
I noticed TryHackMe doesn't do this, but the LogName section of the query is not listed on the Details view of the XML chart. So how do we know when to use "Application" versus "Security", etc.? Is it solely due to the data we are looking to retrieve? Is there a comprehensive list of the LogNames we can look at? Tried searching but no luck. (And BTW, I thought that all of this info would be on the Event Viewer XML Details tab, but TryHackMe doesn't really explain why we needed to use "Application" when it first teaches the command in the modules.) Thanks for helping me understand.
@stuffy24 6 months ago
Application logs are going to correlate to applications, where Security correlates to security actions such as access logs.
@jacvbtaylor A year ago
Thank you!
@stuffy24 A year ago
Thank you for the support!
@denza2843 A year ago
Network Security and Traffic Analysis was way more interesting than going through Endpoint Security Monitoring (it was kinda boring). I hope that SIEM and Phishing will be more interesting. Anyone with similar thinking?
@stuffy24 A year ago
Haha, well to be fair most SIEMs will ingest these logs and then you can search for them, but the reality is you have to know how to do this for offensive and defensive, because you have to understand what is getting logged and how it appears to avoid it. Endpoint security is insanely fun, just not reading logs lol
@tryme8191 A year ago
Task 3 question "What event files would be read when using the query-events command?": did anyone have an issue with submitting the answer "Read events from an event log, log file, or using structured query"? It keeps saying this is the wrong answer!!!
@tunechilee15 A year ago
I know this is late, but the answer is "event log, log file, or structured query"; they shortened the answer.
@deanhaycox 11 months ago
@tunechilee15 Just tried it and it works.
@kananalasgarli2193 A year ago
Where did you find the log clear event ID 104? I also searched and just found 1102. Task 7 Q3
@stuffy24 A year ago
Just a quick bit of research, and this was one of my first Google responses if you want to check it out: kb.eventtracker.com/evtpass/evtpages/EventId_104_Microsoft-Windows-Eventlog_64337.asp#:~:text=The%20%253%20log%20file%20was%20cleared.&text=This%20event%20is%20logged%20when%20the%20log%20file%20was%20cleared.&text=This%20is%20a%20normal%20condition.
@kananalasgarli2193 A year ago
@stuffy24 Thanks for the quick response bro
@pograva A year ago
27736
@johnvardy9559 4 months ago
@stuffy24 could you tell me, CDSA or CCD cert?
@stuffy24 4 months ago
That depends on you and what you're trying to get them for.
@johnvardy9559 4 months ago
@stuffy24 Thanks stuffy, what interests me is to acquire skills, and after that to be able to ASK for a job.
@stuffy24 4 months ago
@@johnvardy9559 Well those both will provide skills to you. Neither will get you a job.
@johnvardy9559 4 months ago
@stuffy24 I agree, that's why I asked you which of the 2 will give me more stuff and more value.
@stuffy24 4 months ago
@johnvardy9559 That entirely depends on you though: what your goals are and what you want to get out of them. I can't tell you what skills you need to learn since idk your current skillsets.
@dited555dited7 A year ago
Task 3 /if:true does not work.
@stuffy24 A year ago
Feel free to join the discord and throw your questions with screenshots in there
@dited555dited7 A year ago
It’s /lf:true (it was an L)
@deanhaycox 11 months ago
@dited555dited7 I put I as well until I heard it on the video as L.
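Three of the threads above ask related questions: which LogName values a query can use, why Event ID 104 does not show up when you only search the Security log for 1102, and what wevtutil's /lf:true switch is for. The PowerShell below is an added example that ties them together; it is not from the video or the TryHackMe room. It assumes an elevated PowerShell session on a Windows host (the Security log is not readable without administrator rights), and the .evtx path in it is a placeholder, not a file from the room.

```powershell
# Added example, not from the video or the TryHackMe room.
# Assumes an elevated PowerShell session on a Windows host.

# 1. Which LogName values exist? The Details/XML view of an event only shows its
#    own <Channel>, so enumerate the logs present on the box instead of guessing.
function Get-PopulatedLogs {
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 } |
        Sort-Object RecordCount -Descending |
        Select-Object LogName, RecordCount, LogType
}

# 2. Log clearing is written by the Microsoft-Windows-Eventlog provider to two
#    different channels: Event ID 1102 in the Security log (the audit log was
#    cleared) and Event ID 104 in the System log (some other log was cleared).
#    Searching only Security is why a hunt for 104 comes back empty.
function Get-LogClearEvents {
    param(
        [datetime]$Since = (Get-Date).AddDays(-30),
        # Optional saved .evtx to read instead of the live logs (placeholder path).
        [string]$EvtxPath
    )

    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $Since },
        @{ LogName = 'System';   Id = 104;  StartTime = $Since }
    )

    $events = foreach ($f in $filters) {
        if ($EvtxPath) {
            # A saved log file is queried by Path; LogName does not apply to it.
            $f.Remove('LogName')
            $f['Path'] = $EvtxPath
        }
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
    }

    foreach ($evt in ($events | Sort-Object TimeCreated)) {
        # Both events carry a <LogFileCleared> UserData block. Read it from the
        # XML rather than parsing the rendered Message, which is locale dependent.
        $u = ([xml]$evt.ToXml()).Event.UserData.LogFileCleared
        # 104 names the cleared log in <Channel>; 1102 is always about Security.
        if ($evt.Id -eq 104) { $cleared = $u.Channel } else { $cleared = 'Security' }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            Id      = $evt.Id
            Cleared = $cleared
            Account = "$($u.SubjectDomainName)\$($u.SubjectUserName)"
            Host    = $evt.MachineName
        }
    }
}

Get-PopulatedLogs   | Format-Table -AutoSize
Get-LogClearEvents  | Format-Table -AutoSize

# The same live-log query typed into wevtutil. /lf:true is added only when the
# first argument is a saved .evtx file rather than a log name (placeholder path).
# wevtutil qe Security /q:"*[System[EventID=1102]]" /f:text /c:5
# wevtutil qe C:\Cases\EXAMPLE\saved.evtx /lf:true /q:"*[System[EventID=104]]" /f:text
```

The Account column is what makes this useful in an investigation: a clear performed by an unexpected user, or from a host where nobody should be administering logs, is worth a closer look, and an empty result over a period when you know the log was cleared means the event was cleared along with it, which is itself the finding.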