In this article, I will write a write-up for Logs Fundamentals that covers Introduction to Logs, Types of Logs, Windows Event Logs Analysis, and Web Server Access Logs Analysis.
Where can we find the majority of attack traces in a digital system?
Logs
What is the name of the last user account created on this system?
hacked
Which user account created the above account?
Administrator
On what date was this user account enabled? Format: M/D/YYYY
6/7/2024
Did this account undergo a password reset as well? Format: Yes/No
Yes
If you are downloading the log file for the analysis, some browsers like Chrome would block downloading it because it contains IP addresses, URLs, and User agent strings that may be flagged as malicious by their security mechanisms. You can click “Keep file” or any other alternative option available in your browser after it blocks the download.
What is the IP which made the last GET request to URL: “/contact”?
10.0.0.1
When was the last POST request made by IP: “172.16.0.1”?
06/Jun/2024:13:55:44
Based on the answer from question number 2, to which URL was the POST request made?
/contact
Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.