IR Philosophy and Ethics — TryHackMe — Writeup

Mohamed Ali
2 min read · Aug 3, 2024


Addressing the Incident Response philosophy.

Task 1 Introduction

THM Corp has been hit by a major cyber breach, where sensitive company and client data has been compromised. The breach is threatening the existence of the corporation. Security teams, including incident responders, swoop in to try and contain the breach, facing various dilemmas towards preserving privacy rights, unravelling who the adversaries are and restoring the company’s integrity.

No Answer Needed

Task 2 DFIR Recap

Q: During containment, what must be done to compromised systems to prevent more damage?

Ans: Isolate and quarantine

Q: An adversary’s entry point to an organisation can be identified as?

Ans: Ground zero

Q: What key action must be taken during recovery?

Ans: patch vulnerabilities

Task 3 Ethics in DFIR

Q: As a DFIR analyst, one must avoid any bias. What principle would you be embodying?

Ans: Objectivity

Q: Creating a map of the data handling journey during evidence preservation is establishing a what?

Ans: Chain of Custody

Q: What does providing regular updates to stakeholders ensure?

Ans: Transparency

Task 4 Duties to DFIR Teams

Q: Which duty involves building and maintaining trust with stakeholders during a cyber breach investigation?

Ans: Trustworthiness

Q: To ensure transparency, DFIR teams have a duty to?

Ans: Inform

Q: Based on the duty to inform case study, what should be considered when deciding whether to investigate a breach? (Answer1 vs Answer2)

Ans: Risk vs Embarrassment

Q: Based on the duty to responsible collection case section, what should be set in advance to prevent excessive data collection?

Ans: clear policies and procedures

Q: Under which duty would teams ensure to operate within the bounds of the law and organisational policies?

Ans: Authorisation

Task 5 Face the Dilemmas

Q: What is the flag?

Ans: THM{Face_Your_DFIR_Ethical_Dilemmas}

Q: Continue on to IR Difficulties and Challenges!

Ans: No Answer needed

I look forward to seeing you again soon
