TRYHACKME
Advent of Cyber 2022 [Day 23] - Defence in Depth Mission ELFPossible: Abominable for a Day
Scenario: Every effort you have put in builds on the last to bring you right to this moment. Santa and the security team are so proud of you for sticking around and being with us until now. You’re practically a member of the SSOC team already! There’s just one more thing left to learn: a lesson that may completely change how you look at and approach security.
Day 23 Learning Objectives: Defense In Depth
Core Mindset
The core mindset that Defense in Depth is founded on is the idea that there is no such thing as a silver bullet that would defeat all of an organisation’s security woes. No single defence mechanism can protect you from the bad world out there.
Defense in Depth is mainly focused on disrupting adversarial objectives; that is, it shifts the focus from ‘just’ securing the perimeter to securing everything on the path an adversary would have to take from the perimeter to the crown jewels.
Let’s look at it at three varying levels of defense:
- The first level can be thought of as an organisation that has strong perimeter defenses in place, such as Web Application Firewalls (WAFs), perimeter network firewalls, and even a Demilitarized Zone (DMZ), but has yet to implement internal network security, and zero trust mechanisms are not yet in place.
- The second level can be thought of as an organisation that employs the first level of defenses but with more capable internal security measures, such as network segmentation, zero trust principle implementation, least privileged access principle implementation, and even hardened hosts and networks. Having this level is actually really good; however, forgetting that preventative appliances may be used for detective capabilities, too, is a wasted opportunity.
- The third level can be thought of as using the advantages of the first and second levels to ramp up the detection and response capability of the organisation via effective log collection and well-crafted analytics. This is where it goes full circle. We are not only expected to be good at layering preventive measures against attacks, but we should also be capable of responding to them if and when these defensive capabilities are bypassed.
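As an added illustration of the second and third levels (example code, not part of the TryHackMe room or this write-up), the Python below collects constructed key=value log lines from several layers (a WAF, an internal firewall and host authentication; all names and addresses are made up) and correlates them per source, so that controls deployed to prevent also serve to detect.

```python
from collections import defaultdict

# Constructed sample logs (not from the TryHackMe room), one line per layer.
# Each preventive control doubles as a sensor: it records what it blocked.
SAMPLE_LOGS = [
    "layer=waf  src=10.0.5.23 action=block   detail=sqli_attempt path=/login",
    "layer=fw   src=10.0.5.23 action=deny    detail=vault_segment dst=10.0.9.10:445",
    "layer=fw   src=10.0.5.23 action=allow   detail=corp_segment dst=10.0.7.4:3389",
    "layer=host src=10.0.5.23 action=failed  detail=auth user=santa host=ws-07",
    "layer=host src=10.0.5.23 action=failed  detail=auth user=santa host=ws-07",
    "layer=host src=10.0.5.23 action=success detail=auth user=santa host=ws-07",
    "layer=waf  src=10.0.2.8  action=allow   detail=normal path=/",
]

# Actions that mean a control stopped (or refused) something.
DENIED = {"block", "deny", "failed"}

def parse(line):
    """Turn one key=value log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def collect_by_source(lines):
    """Level-three log collection: group every layer's events per source."""
    events = defaultdict(list)
    for line in lines:
        ev = parse(line)
        events[ev["src"]].append(ev)
    return events

def tripped_layers(events):
    """Distinct layers at which this source was denied something."""
    return sorted({ev["layer"] for ev in events if ev["action"] in DENIED})

def assess(lines, min_layers=2):
    """Flag sources denied at >= min_layers distinct layers and record
    whether they nevertheless ended with a successful host logon."""
    findings = {}
    for src, evs in collect_by_source(lines).items():
        layers = tripped_layers(evs)
        if len(layers) >= min_layers:
            got_in = any(ev["layer"] == "host" and ev["action"] == "success"
                         for ev in evs)
            findings[src] = {"layers": layers, "host_access": got_in}
    return findings

if __name__ == "__main__":
    for src, f in assess(SAMPLE_LOGS).items():
        print(f"{src}: denied at {f['layers']}, host access={f['host_access']}")
```

A single denied request from a WAF is noise; the same source being refused at the perimeter, the internal segment and a host, then succeeding, is the signal the third level is built to surface.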
Answers to Questions
Case 1: What is the password for Santa’s Vault?
S3cr3tV@ultPW
Case 1: What is the Flag?
THM{EZ_fl@6!}
Case 2: What is Santa’s favourite thing?
MilkAndCookies
Case 2: What is the password for Santa’s Vault?
3XtrR@_S3cr3tV@ultPW
Case 2: What is the Flag?
THM{m0@r_5t3pS_n0w!}
Case 3: What is the Executive Assistant’s favourite thing?
BanoffeePie
Case 3: What is Santa’s previous password?
H0tCh0coL@t3_01
Case 3: What is Santa’s current password?
H0tCh0coL@t3_02
Case 3: What is the 1st part of the vault’s password?
N3w4nd1m
Case 3: What is the 2nd part of the vault’s password?
Pr0v3dV@ultPW
Case 3: What is the password for Santa’s Vault?
N3w4nd1mPr0v3dV@ultPW
Case 3: What is the Flag?
THM{B@d_Y3t1_1s_n@u6hty}
What is Santa’s Code?
2845
Mission ELFPossible: What is the Abominable for a Day Flag?
THM{D3f3n5e_1n_D3pth_1s_k00L!!}