June 10, 2026
Preparation (THM) TryHackMe Practical Walkthrough
Description : Understand the Preparation phase of the Incident Response lifecycle.
Lawvye
Difficulty : Easy
Note : All of the content and images are from https://tryhackme.com/
Room : https://tryhackme.com/room/irpreparation
Enjoy.
Task 8: Practical
Once the VM has loaded, open the Nexus folder on the Desktop. This folder contains a selection of Nexus Financial's preparation documents. In reality, an organization would have significantly more documentation, tooling, and processes in place. What is provided here is the material directly relevant to the incident you will be investigating throughout this module. You are only required to review these documents and answer the questions based on their contents.
The documents in the folder are:
Asset_Inventory
IR_Policy
Communication_Plan
Pentest_Report_2025
Historic_Incidents
Once you have reviewed the documents, check the local security policies on this workstation (part of Nexus Financial's Asset Inventory). On the lab machine, open the Run dialogue, type secpol.msc, and press Enter. This opens the Local Security Policy console. Navigate to the policies under Security Settings and review them.
Use the documents and the local security settings to answer the questions below.
Answer the questions below
Q1.) According to the asset inventory, what is the IP address of the mail server?
Answer : 10.10.10.2
Q2.) According to the pentest report, what authentication control is flagged as missing on standard user accounts?
Answer : Multi-Factor Authentication
Q3.) According to the pentest report, how many high-severity findings were identified?
Answer : 2
Q4.) According to the historic incidents log, what type of attack was recorded in NXF-INC-001?
Answer : Phishing Campaign
Q5.) What is the minimum password length configured on this workstation?
Answer : 6
Q6.) What is the audit setting configured for Audit account logon events?
Answer : No auditing
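As an added example (not part of the room or the original post), the two workstation settings from Q5 and Q6 can also be checked from a policy export produced with `secedit /export /cfg secpol.inf` instead of clicking through secpol.msc. The sample export and the baseline values below are constructed assumptions.

```python
import configparser

# Constructed sample of a `secedit /export` file, trimmed to the sections used
# here. The two checked values mirror the answers to Q5 and Q6.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MaximumPasswordAge = 42
MinimumPasswordLength = 6
PasswordComplexity = 0
[Event Audit]
AuditLogonEvents = 0
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
"""

AUDIT_LABELS = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}
# Assumed baseline for illustration only; use the values from your own baseline.
BASELINE = {"MinimumPasswordLength": 14, "AuditAccountLogon": 3}


def parse_export(text):
    """Parse secedit export text into {section: {key: value}}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as secedit writes it
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def check_policy(policy, baseline=BASELINE):
    """Return findings for the two settings reviewed in the walkthrough."""
    findings = []
    # A key missing from the export is treated as the weakest value (0).
    length = int(policy.get("System Access", {}).get("MinimumPasswordLength", 0))
    audit = int(policy.get("Event Audit", {}).get("AuditAccountLogon", 0))
    if length < baseline["MinimumPasswordLength"]:
        findings.append(f"Minimum password length {length} is below "
                        f"{baseline['MinimumPasswordLength']}")
    want = baseline["AuditAccountLogon"]
    if (audit & want) != want:  # bit 1 = Success, bit 2 = Failure
        findings.append(f"Audit account logon events: '{AUDIT_LABELS[audit]}', "
                        f"expected '{AUDIT_LABELS[want]}'")
    return findings


if __name__ == "__main__":
    for finding in check_policy(parse_export(SAMPLE_EXPORT)):
        print("FINDING:", finding)
```

A real export is written as UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_export`.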
I hope you enjoyed reading this post as much as I enjoyed writing it. Thanks for reading my blog sir ;) Lawvye