TryHackMe: Junior Security Analyst Intro Walkthrough (SOC Level 1)

January 22, 2025
Jasper
Welcome to this walkthrough of the Junior Security Analyst Intro Room on TryHackMe.

Originally I had planned not to make a walkthrough on this room, but it ended up being the only one I had not written (so far), so I decided to cover this short room as well.
This room walks through a day in the life of a Junior Security Analyst, the responsibilities of the role, and the qualifications needed to land a job as an analyst.

Junior Security Analyst Intro Banner

Room URL: https://tryhackme.com/r/room/jrsecanalystintrouxo

This room is part of the SOC Level 1 Path.

I am making these walkthroughs to keep myself motivated to learn cyber security, and to make sure I remember the knowledge gained from these challenges on HTB and THM.
Join me in learning cyber security. I will try to explain concepts as I go, to differentiate myself from other walkthroughs.

Now, let’s move on!


Task 1: A career as a Junior (Associate) Security Analyst

As a Junior Security Analyst (Tier 1 SOC Analyst), your primary role is to serve as a Triage Specialist, spending much of your time monitoring and investigating event logs and alerts in a typically 24/7 SOC operations environment.

Key Responsibilities

  • Monitor and investigate alerts.
  • Configure and manage security tools.
  • Develop and implement basic IDS (Intrusion Detection System) signatures.
  • Participate in SOC working groups and meetings.
  • Create tickets and escalate security incidents to Tier 2 or the Team Lead.

Qualifications

  • Experience: 0–2 years in Security Operations.
  • Knowledge: Basic understanding of networking (e.g., OSI and TCP/IP models), operating systems (Windows, Linux), and web applications.
  • Skills: Scripting or programming experience is a plus.

Desired Certification

  • CompTIA Security+

Career Progression

Starting as a Junior Security Analyst (Tier 1), you can advance to Tier 2 and Tier 3 roles as you gain experience and enhance your skills.

Questions

What will be your role as a Junior Security Analyst?

As a Junior Security Analyst you will be a Triage Specialist.
In a SOC, triage is the incident response step of reviewing incoming alerts, deciding which ones are real and how severe they are, and prioritizing them so that the most damaging threats are handled (or escalated) first.

Answer: Triage Specialist


Task 2: Security Operations Center (SOC)

A SOC is a Security Operations Center, and it serves as the backbone of an organization’s cybersecurity framework, operating 24/7 to monitor, investigate, prevent, and respond to cyber threats. According to McAfee, SOC teams protect critical assets like intellectual property, personnel data, business systems, and brand integrity, acting as the central hub for coordinated cyber defense.

Key Responsibilities of the SOC

1. Preparation and Prevention

  • Stay informed on current cybersecurity threats using resources like Twitter and Feedly.
  • Detect and hunt for threats and work on a security roadmap to protect the organization.
  • Gather intelligence on emerging threats, threat actors, and TTPs (Tactics, Techniques, and Procedures).
  • Perform maintenance tasks such as:
    • Updating firewall signatures.
    • Patching vulnerabilities.
    • Block-listing/safe-listing applications, email addresses, and IPs.
  • Study resources like CISA’s alerts for understanding threat actors like APT40.

2. Monitoring and Investigation

  • Use tools like SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) to proactively monitor the network for suspicious activity.
  • Prioritize alerts by severity: Critical, High, Medium, Low.
  • Conduct investigations by:
    • Exploring attack methods to understand the “how, when, and why.”
    • Examining logs, alerts, and leveraging open-source tools to uncover malicious activities.
  • Perform triaging to prevent further damage while understanding the nature of an attack.

3. Response

  • Coordinate actions to mitigate threats, including:
    • Isolating compromised hosts.
    • Terminating malicious processes.
    • Deleting harmful files.

Junior Security Analysts play a pivotal role in these processes, starting with triage and learning to prioritize threats while contributing to the organization’s overall cybersecurity efforts.

Questions

Read the above.

Answer: No answer needed


Task 3: A day in the life of a Junior (Associate) Security Analyst

Being on the frontline of cybersecurity is both exciting and challenging. A Junior Security Analyst works with various log sources and tools to monitor network traffic, handle IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) alerts, analyze suspicious emails, and extract forensic data to detect and analyze potential attacks. Open-source intelligence (OSINT) plays a crucial role in making informed decisions about alerts.

Incident Response

One of the most rewarding aspects of the role is successfully remediating threats. Incident response can take hours, days, or even weeks, depending on the scale of the attack. Analysts must address questions like:

  • Did data exfiltration occur?
  • How much data was affected?
  • Did the attacker pivot to other hosts?

Detection, containment, and remediation are key to resolving incidents and securing the organization.

Daily Routine

At the start of each shift, Junior Security Analysts typically review tickets to identify any generated alerts.

This role provides fundamental skills and knowledge to build a successful career as a Network Defender. Are you ready to immerse yourself in the responsibilities of a Junior Security Analyst and explore security monitoring tools to identify suspicious activity?

Challenge

It is time to get some practical experience. Press the View Site button and let’s answer the questions together!

Questions

Click on the green View Site button in this task to open the Static Site Lab and navigate to the security monitoring tool on the right panel to try to identify the suspicious activity.

Make sure you have started the site 🙂

Answer: No answer needed

What was the malicious IP address in the alerts?

You will be met by a page that is meant to look like a SIEM (Security Information and Event Management) system. If you look at the Alert log you will see one entry that is highlighted red when you hover over the row, and it mentions an unauthorized connection attempt together with the source IP address. That IP address is the answer. (In a real SOC you would verify the address against threat intelligence before acting on it, which is exactly what the next step of the lab has you do.)

SIEM Unauthorized connection attempt

Answer: 221.181.185.159

To whom did you escalate the event associated with the malicious IP address?

Click on the row entry and you can move on with the challenge. Press continue until you are met by an IP Scanner application.
Enter the IP we found in the previous question.

IP Scanner

IP Scanning the IP Address

We will get a result that indicates that the IP address is malicious:

Malicious IP found

Press next, and now you get to decide whom to escalate the event to.

A Sales Executive does not make sense, and a Security Architect does not seem to be the right person either. While I guess you could escalate it to a security consultant, normally you would send it to the SOC Team Lead (Will Griffin), who will decide what to do with the event.

Will Griffin

Escalating to Will Griffin

Answer: Will Griffin

After blocking the malicious IP address on the firewall, what message did the malicious actor leave for you?

Now all that is left is to block the malicious IP address:

Firewall Block List

Enter the IP, press the button, and you will get the flag:

Answer: THM{UNTIL-WE-MEET-AGAIN}
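The lab above compresses the Task 2 monitoring workflow (rank alerts by severity, examine the log, triage, escalate, block) into a few clicks. The following script is an added example of the same workflow in code; it is not part of the TryHackMe room or this walkthrough's original content. The pipe-separated alert format, the internal network ranges, the escalation role and every alert line are constructed for the example. The one deliberate twist is the last alert: an "unauthorized connection attempt" from an internal address, which a triage script should ticket as a possible pivot but refuse to put on the perimeter block list.

```python
"""Toy SOC triage pipeline: parse SIEM-style alert lines, order them by
severity, pick out unauthorized connection attempts, open a ticket for
escalation, and maintain a firewall block list.

All data, field names and network ranges here are constructed for this
example; they are not TryHackMe's nor any real SIEM's."""
import ipaddress
import re
from dataclasses import dataclass

# Triage order: lower number is handled first (the room's Critical/High/Medium/Low).
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Assumed internal address space of the organization (constructed).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Phrase the lab's SIEM used for the malicious entry.
UNAUTHORIZED_RE = re.compile(r"unauthorized connection attempt", re.IGNORECASE)

# Constructed alert log: timestamp|severity|source_ip|message
SAMPLE_ALERTS = """\
2025-01-22T08:01:10Z|Low|10.0.0.15|User login success for jdoe
2025-01-22T08:03:42Z|Medium|10.0.0.22|Multiple failed logins for admin
2025-01-22T08:05:07Z|High|221.181.185.159|Unauthorized connection attempt on port 22
2025-01-22T08:06:30Z|Low|10.0.0.31|Scheduled backup completed
2025-01-22T08:09:55Z|Critical|198.51.100.77|Unauthorized connection attempt on port 3389
2025-01-22T08:11:02Z|High|10.0.0.40|Unauthorized connection attempt on port 445
"""


@dataclass(frozen=True)
class Alert:
    timestamp: str
    severity: str
    source_ip: str
    message: str


def parse_alerts(text: str) -> list[Alert]:
    """Parse the pipe-separated log, rejecting malformed lines instead of guessing."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("|", 3)
        if len(parts) != 4 or parts[1] not in SEVERITY_ORDER:
            raise ValueError(f"malformed alert on line {lineno}: {line!r}")
        ipaddress.ip_address(parts[2])  # raises ValueError on a bad address
        alerts.append(Alert(*parts))
    return alerts


def triage_order(alerts: list[Alert]) -> list[Alert]:
    """Highest severity first; ties broken by time so older alerts are not starved."""
    return sorted(alerts, key=lambda a: (SEVERITY_ORDER[a.severity], a.timestamp))


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def unauthorized_attempts(alerts: list[Alert]) -> list[Alert]:
    return [a for a in alerts if UNAUTHORIZED_RE.search(a.message)]


def external_sources(alerts: list[Alert]) -> list[str]:
    """Distinct external source IPs behind unauthorized attempts, in log order."""
    seen: list[str] = []
    for a in unauthorized_attempts(alerts):
        if not is_internal(a.source_ip) and a.source_ip not in seen:
            seen.append(a.source_ip)
    return seen


def open_ticket(alert: Alert, escalate_to: str = "SOC Team Lead") -> dict:
    """Build the escalation ticket a Tier 1 analyst hands to the next tier."""
    internal = is_internal(alert.source_ip)
    return {
        "severity": alert.severity,
        "source_ip": alert.source_ip,
        "summary": f"{alert.message} from {alert.source_ip} at {alert.timestamp}",
        "escalate_to": escalate_to,
        # An internal source may mean the attacker already pivoted to another host.
        "note": "internal source: possible lateral movement, investigate the host"
        if internal else "external source: candidate for perimeter block",
    }


def add_to_block_list(block_list: set[str], ip: str) -> bool:
    """Add an IP to the perimeter block list; refuse internal/loopback addresses,
    since blocking those at the edge causes outages and is the wrong control."""
    addr = ipaddress.ip_address(ip)
    if is_internal(ip) or addr.is_loopback or addr.is_unspecified:
        return False
    block_list.add(ip)
    return True


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for a in triage_order(alerts):
        print(f"{a.severity:<8} {a.source_ip:<16} {a.message}")
    block_list: set[str] = set()
    for a in unauthorized_attempts(alerts):
        ticket = open_ticket(a)
        blocked = add_to_block_list(block_list, a.source_ip)
        print(f"ticket -> {ticket['escalate_to']}: {ticket['summary']} | blocked={blocked}")
    print("block list:", sorted(block_list))
```

Two design choices worth noting: "external" is defined by an explicit list of the organization's own ranges rather than by `ipaddress.is_global`, because SOCs know their address space and documentation ranges such as 198.51.100.0/24 would otherwise be misclassified; and the block-list function returns a boolean rather than silently dropping the internal address, so the caller can see that the internal 10.0.0.40 alert still needs a ticket even though it must not be blocked at the edge.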


Congratulations on completing Junior Security Analyst Intro!!!

Congratulations on completing Junior Security Analyst

Congratulations on finishing this walkthrough of the TryHackMe Junior Security Analyst Intro room. This was a quick appetizer for the material we will cover on the SOC Level 1 Path.

I hope you enjoyed this walkthrough. Come back soon for more walkthroughs of rooms on TryHackMe and HackTheBox, and other Cybersecurity discussions.


Like my articles?

You are welcome to give my article a clap or two 🙂
I would be even more grateful if you support me by buying me a cup of coffee:

Buy me a coffee

I learned a lot through HackTheBox’s Academy. If you want to sign up, you can get extra cubes, and support me in the process, if you use the following link:

https://referral.hackthebox.com/mzwwXlg
