This series of walkthroughs aims to help out complete beginners with finishing the Pre Security Path on the TryHackMe (thm)1 website.

It is based on the learning content provided in the Intro to Defensive Security room.

Task 1 - Introduction to Defensive Security

Read the introduction to defensive security before proceeding to the next task.

Question 1: Which team focuses on defensive security?

Blue Team

Task 2 - Areas of Defensive Security

Topics related to defensive security like Security Operations Center (SOC) and Digital Forensics and Incident Response (DFIR) are introduced here. Gain an initial understanding before jumping to the next task.

Question 1: What would you call a team of cyber security professionals that monitors a network and its systems for malicious events?

Security Operations Center

Question 2: What does DFIR stand for?

Digital Forensics and Incident Response

Question 3: Which kind of malware requires the user to pay money to regain access to their files?


Task 3 - Practical Example of Defensive Security

In this task we get to follow along, and get a little bit of insight into a Junior (Associate) Security Analyst’s day.

Notice the log in date. It’s 05:25 in the morning. Somebody must have had a rough night… or not.

siem alerts

Run a check on the suspicious login.

scan IP

verify results

Escalate the event to a staff member.

escalate event

Adjust the firewall rules to block the malicious IP address.

block malicious IP

Grab the flag.

get the flag

Hopefully, following the tutorial in this room could shed a little bit of light on defensive security.

Question 1: What is the flag that you obtained by following along?


  1. thm - shorthand for TryhackMe from now on ↩︎