June 6, 2026
Tryhackme — Summit
zerbaliy3v
Objective
After participating in one too many incident response activities, PicoSecure has decided to conduct a threat simulation and detection engineering engagement to bolster its malware detection capabilities. You have been assigned to work with an external penetration tester in an iterative purple-team scenario. The tester will be attempting to execute malware samples on a simulated internal user workstation. At the same time, you will need to configure PicoSecure's security tools to detect and prevent the malware from executing.
Following the Pyramid of Pain's ascending priority of indicators, your objective is to increase the simulated adversaries' cost of operations and chase them away for good. Each level of the pyramid allows you to detect and prevent various indicators of attack.
First, open the target machine in a new window and follow the link to the PicoSecure console.
1. (Hash Values) What is the first flag you receive after successfully detecting sample1.exe?
Click the analyse button on the sample, let the sandbox finish, then copy one of the resulting hash values into a detection rule. This is the cheapest indicator for an adversary to evade: recompiling or changing a single byte of the binary produces a new hash, which is why hash values sit at the bottom of the pyramid.
2. (IP Addresses) What is the second flag you receive after successfully detecting sample2.exe?
Take the destination IP from the sandbox's network analysis, switch to the Firewall Manager section and create a rule blocking egress traffic to that address.
3. (Domain Names) What is the third flag you receive after successfully detecting sample3.exe?
Look at the DNS requests in the sandbox output to see which domain name the sample resolves.
Switch to the DNS Filter section and add a new rule blocking that domain.
4. (Host Artifacts) What is the fourth flag you receive after successfully detecting sample4.exe?
Step 1: Sysmon Event Logs
Step 2:
5. (Network Artifacts) What is the fifth flag you receive after successfully detecting sample5.exe?
sample5.exe uses more advanced methods to hide itself, but its beacon has a fixed pattern: every 30 minutes it sends a 97-byte request. A rule on the Sysmon network-connection events keyed on that size and interval catches it regardless of which IP or domain it talks to.
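The beaconing pattern in step 5 is the kind of network artifact a detection can key on. The script below is an added example, not code from the room or from this walkthrough's author: it groups constructed Sysmon-style Event ID 3 (network connection) records by process and destination and flags a series whose byte count never varies and whose interval barely jitters. The pipe-separated layout and the `Bytes` column are assumptions; real Sysmon Event ID 3 records carry no byte count, so in practice that value would come from flow data such as Zeek conn.log joined to the Sysmon event.

```python
"""Fixed-size, fixed-interval beacon detection over constructed
Sysmon-style network connection events. Added illustration for the
Summit walkthrough; field layout and the Bytes column are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed events: UtcTime|Image|DestinationIp|DestinationPort|Bytes.
# sample5.exe sends 97 bytes every ~30 minutes; a browser adds noise.
CONSTRUCTED_EVENTS = """\
2026-06-06 09:00:00|C:\\Users\\user\\Downloads\\sample5.exe|203.0.113.44|443|97
2026-06-06 09:02:13|C:\\Program Files\\Browser\\browser.exe|198.51.100.7|443|1432
2026-06-06 09:30:00|C:\\Users\\user\\Downloads\\sample5.exe|203.0.113.44|443|97
2026-06-06 09:41:50|C:\\Program Files\\Browser\\browser.exe|198.51.100.7|443|512
2026-06-06 10:00:01|C:\\Users\\user\\Downloads\\sample5.exe|203.0.113.44|443|97
2026-06-06 10:15:22|C:\\Program Files\\Browser\\browser.exe|198.51.100.9|443|2048
2026-06-06 10:30:00|C:\\Users\\user\\Downloads\\sample5.exe|203.0.113.44|443|97
"""


def parse_events(text):
    """Parse pipe-separated connection records into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, image, dst_ip, dst_port, nbytes = line.split("|")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "image": image,
            "dst": f"{dst_ip}:{dst_port}",
            "bytes": int(nbytes),
        })
    return events


def detect_beacons(events, min_events=3, max_jitter=0.05):
    """Flag (image, destination) pairs that send the same number of bytes
    at a near-constant interval. No single connection is suspicious on
    its own; the signal is the regularity across the whole series."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["image"], ev["dst"])].append(ev)

    findings = []
    for (image, dst), series in groups.items():
        if len(series) < min_events:
            continue  # too few samples to call anything periodic
        series.sort(key=lambda e: e["time"])
        sizes = {e["bytes"] for e in series}
        if len(sizes) != 1:
            continue  # payload size varies: not the fixed-size pattern
        gaps = [(b["time"] - a["time"]).total_seconds()
                for a, b in zip(series, series[1:])]
        avg = mean(gaps)
        if avg <= 0 or pstdev(gaps) / avg > max_jitter:
            continue  # irregular timing: ordinary client traffic
        findings.append({"image": image, "dst": dst,
                         "bytes": sizes.pop(), "interval_s": round(avg)})
    return findings


if __name__ == "__main__":
    for f in detect_beacons(parse_events(CONSTRUCTED_EVENTS)):
        print(f"beacon: {f['image']} -> {f['dst']} "
              f"{f['bytes']} bytes every {f['interval_s']} s")
```

Run directly, it reports the single sample5.exe series and ignores the browser traffic. Real implants often add random sleep jitter, so widen `max_jitter` deliberately rather than by default, and when the interval is randomised the constant size alone is still a usable artifact.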
6. (Tools) What is the final flag you receive from Sphinx?
Review the potential data exfiltration log that Sphinx provides and build the rule from the behaviour recorded there.
Room: https://tryhackme.com/room/summit