Скачать или смотреть TryHackMe Night Shift Task 7 Walkthrough SOC Analyst Investigation Splunk and PCAP

Stuck on TryHackMe Night Shift Task 7?
This video walks through a SOC-style investigation of Task 7 from the TryHackMe Night Shift CTF, combining Splunk log analysis with PCAP investigation to identify ARP spoofing, credential theft, and data exfiltration activity.

In this task, I investigate suspicious network activity detected by IDS alerts and packet captures to determine the source of the attack, the attacker’s command and control channel, and the method used for data exfiltration.

The investigation covers:

Hunting IDS alerts in Splunk using network log sources

Identifying the internal host responsible for suspicious outbound traffic

Detecting command and control communication over a non-standard port

Analysing PCAP files to identify ARP spoofing activity

Identifying a malicious MAC address impersonating the network gateway

Filtering HTTP POST requests to locate credential theft

Extracting plaintext credentials from captured traffic

Identifying a non-standard User-Agent associated with exploitation attempts

Tracing attacker-owned infrastructure used for data exfiltration

Determining the protocol used for exfiltration based on traffic patterns

Splunk and packet analysis techniques demonstrated in this video include IDS log review, protocol filtering, User-Agent analysis, ARP inspection, HTTP POST analysis, and DNS-based exfiltration identification.

This task mirrors real-world SOC workflows where analysts must correlate SIEM alerts with packet-level evidence to confirm active attacks, credential compromise, and data exfiltration.

If you are a TryHackMe student and this content violates any course or platform rules, please contact me and I will remove the video immediately.

This content is for educational and defensive security purposes only.

Tags
TryHackMe Night Shift SOC Analyst Splunk PCAP Network Analysis ARP Spoofing IDS Credential Theft DNS Exfiltration Blue Team Incident Response